Storage area network methods and apparatus for identifiying fiber channel devices in kernel mode

ABSTRACT

The invention provides an improved storage area network (SAN) of the type that has a host or other digital data processor whose ports are coupled to peripheral devices that include fiber channel or other SAN-class storage devices. Processes executing on the host (or other digital data processor) generate requests for access to those peripheral devices. A persistent store identifies ports coupled to SAN-class storage devices. This store can be loaded, for example, by a process that executes on the host in user mode. A filter executes on the host in kernel mode to block access to selected ones of those SAN-class storage devices.

BACKGROUND OF THE INVENTION

[0001] The invention pertains to digital data processing and, moreparticularly, to storage area networks and methods of operation thereof.The invention has application, for example, in managing access by aplurality of digital data processors (e.g., web or file servers,graphical workstations and so forth) to a plurality of disk drives, diskarrays and other storage devices.

[0002] In early computer systems, long-term data storage was typicallyprovided by dedicated storage devices, such as tape and disk drives,connected to a data central computer. Requests to read and write datagenerated by applications programs were processed by special-purposeinput/output routines resident in the computer operating system. Withthe advent of “time sharing” and other early multiprocessing techniques,multiple users could simultaneously store and access data—albeit onlythrough the central storage devices.

[0003] With the rise of the personal computer (and workstation) in the1980's, demand by business users led to development of interconnectionmechanisms that permitted otherwise independent computers to access dataon one another's storage devices. Though computer networks had beenknown prior to this, they typically permitted only communications, notstorage sharing.

[0004] The prevalent business network that has emerged is the local areanetwork, typically comprising “client” computers (e.g., individual PCsor workstations) connected by a network to a “server” computer. Unlikethe early computing systems in which all processing and storage occurredon a central computer, client computers usually have adequate processorand storage capacity to execute many user applications. However, theyoften rely on the server computer—and its associated battery of diskdrives and storage devices—for other than short-term file storage andfor access to shared application and data files.

[0005] An information explosion, partially wrought by the rise of thecorporate computing and, partially, by the Internet, is spurring furtherchange. Less common are individual servers that reside as independenthubs of storage activity. Often many storage devices are placed on anetwork or switching fabric that can be accessed by several servers(such as file servers and web servers) which, in turn, servicerespective groups of clients. Sometimes even individual PCs orworkstations are enabled for direct access of the storage devices(though, in most corporate environments such is province of server-classcomputers) on these so-called “storage area networks.”

[0006] A drawback in prior art storage area networks arises in managingthe proliferation of hosts and storage devices. Current solutions focuson setting switches or switch-like interfaces on the network orinterconnect fabric between the hosts and storage device, electrically“blocking” certain hosts certain storage devices and so forth. A problemwith these solutions is that they permit only zoning or switch-likecontrol. Another problem is that, by their very nature, these solutionstend to be provider specific.

[0007] An object of this invention is to provide improved storage areanetworks and methods of operation thereof.

[0008] Further objects of the invention provide such methods andapparatus as facilitate access to multiple storage devices, e.g., ofvaried types, from a plurality of servers or other host digital dataprocessors, e.g., running a variety of platforms.

[0009] Still further objects of the invention are to provide suchmethods and apparatus for managing administrator-defined and otherpolicies for storage networks, e.g., to facilitate access by multiplehosts to multiple storage devices in a manner consistent with networkadministrators' wishes and without risk of unwanted access conflicts.

[0010] Yet still further objects of the invention are to provide suchmethods and apparatus as facilitate the persistence of status and otherdata pertaining to storage area networks regardless of the metaphorsunder which that data is used and/or stored (e.g., object-oriented,relational, and so forth).

[0011] Another object of the invention is to provide such methods andapparatus as facilitate automated handling of events that occur withrespect to storage area networks and their componentry.

[0012] Yet other objects of the invention are to provide such methodsand apparatus as facilitate visual representation of the storage areanetwork topology, componentry and status.

[0013] Still yet another object of the invention is to provide suchmethods and apparatus as facilitate administrator (or other operator)definition of storage area network policy (e.g., vis-à-vis assignment ofstorage devices to hosts) and as facilitate notification of eventsoccurring with respect thereto.

[0014] These and other objects of the invention are evident in thedrawings and in the description that follow.

SUMMARY OF THE INVENTION

[0015] LUN Management

[0016] The foregoing are among the objects attained by the inventionwhich provides, in one aspect, novel storage area networks (SANs) andmethods of operation thereof. For example, in one aspect, the inventionprovides improvements on a SAN of the type having a plurality of hostscoupled via a network or other interconnect with one or more storageunits. The improvement, according to this aspect of the invention,comprises a manager process, device or other functionality incommunication with a plurality of agent processes, devices or otherfunctionality, each of which is associated with a host. The agentsidentify attributes of (i) their associated hosts, (ii) the interconnect(or portion thereof) to which that host is coupled, and/or (iii) storageunits to which that host is coupled via the interconnect. The managerresponds to these attributes identified by the agents to manage the SAN.

[0017] The manager according to related aspects of the invention can beimplemented on a first digital data processor, while the hosts areimplemented on further digital data processors. These digital dataprocessors can be coupled via a first network, e.g., an IP or othernetwork, to support communications between the manager and the agents.Such communications can be further effected, according to one aspect ofthe invention, utilizing an object request broker (ORB). Theinterconnect, according to further related aspects of the invention,comprises a second network, e.g., SCSI and/or fiber channel basedfabric, separate from the first network.

[0018] According to still further aspects of the invention, the managerprovides one or more management functions including, by way ofnon-limiting example, interfacing with a SAN administrator, resolvingSAN topology, managing storage device logical unit number assignment,and managing extension of host file systems. The agents can serve asproxies (or agents) for the manager, effecting functionality on itsbehalf at the host level. This functionality can include SAN componentattribute collection, LUN masking control, host file system monitoring,and file system extension implementation.

[0019] Further aspects of the invention provide systems as describeabove in which one or more agents utilize their associated hosts toquery and otherwise gather information regarding storage devices to them(the hosts) via the interconnect. This information can include thenumber of logical units present on each physical storage device, theidentification of the physical storage device and its respective logicalunits, and/or the storage capacity of each logical unit. Queries fromthe hosts to the devices can be effected via using the protocol of theinterconnect, e.g., a SCSI protocol for a fiber channel interconnect.

[0020] In related aspects of the invention, the manager correlatesinformation collected by the agents from their respective hosts, e.g.,disambiguating identifies of logical units in the storage devices and,more typically, on the SAN, from potentially only partial (orincomplete) information supplied by each agent. In accord with policiesestablished by the SAN administrator (and entered into the manager,e.g., via its graphical interface), the manager assigns logical units tothe hosts. According to related aspects of the invention, the managercommunicates those assignments to, and effects them via, the agents.

[0021] Further related aspects of the invention provide SAN systems asdescribed above in which each agent imposes logical unit number (LUN)assignments on their respective agents, e.g., via filters at the adapterlayer. This facilitates communication between the host and its assignedstorage devices by obviating the need for it (the host) to consult themanager for each read/write operation to those or other (e.g.,unassigned) storage devices.

[0022] In still further aspects, the invention provides SANs asdescribed above in which the manager includes a graphical user interface(GUI) for display of SAN topology and/or for input ofadministrator-defined SAN “policy,” by way of non-limiting example, LUNassignment, un-assignment, and file extension policy. The GUI canprovide a plurality of views, each for example with icons or textrepresentations (collectively, “icons” or “graphical objects”)representing hosts, storage devices (or logical units), associationstherebetween (e.g., assignment or accessibility), and/or propertiesthereof.

[0023] Assignment of a LUN to a host is permitted throughadministrator/operator-selection of a host icon and a LUN icon on theGUI display. This is beneficially facilitated, according to one aspectof the invention, by selectively activating the icons representing theLUNs only after the icon for a specific host has been selected and,then, only activating icons for those LUN that are accessible to theselected host and otherwise suitable for assignment.

[0024] In related aspects of the invention, the GUI provides iconsrepresenting SAN operations, such as assignment, unassignment, and soforth. These icons are beneficially activated, for example, only whenicons for corresponding hosts, storage units and/or other SAN componentshave been selected. For example, an icon for executing a LUN-to-hostassignment operation is activated only after both a host and a LUN areselected. This can likewise be true of a LUN-to-host unassignmentoperation. A GUI with such features advantageously facilitatesadministrator action, minimizing the number input decisions on the partof an administrator as well as the number of key strokes, “mouse”clicks, or other operator input device operations.

[0025] In further related aspects of the invention, a topological,hierarchical or enumerated (i.e., listing) display of SAN components canbe accompanied by a display of component properties (e.g., identity ofLUNs in a physical storage device, and so forth). The latter display,too, is beneficially generated only upon selection of a specificcomponent in the former display. In a related aspect, data necessary forgenerating the latter (i.e., a component property) display is retrieved,for example, from a local or remote database, only upon selection of aspecific component in the former display.

[0026] Further related aspects of the invention provide a system asdescribed above in which the GUI provides for selective display ofstorage devices, or logical units, depending upon their storage capacityor other quantitative attributes. In this regard, the GUI permitsoperator/administrator specification of a numerical range for use by themanager in filtering storage device display. This aspect of theinvention can be used to display, for example, logical units having astorage capacity, say, of between four and six gigabytes or, forexample, greater than ten gigabytes.

[0027] According to further aspects of the invention, the manager of aSAN as described above notifies the operator/administrator of SAN eventssuch as, by way of non-limiting example, failure or disconnection of astorage device from the SAN. The manager permits specification (e.g., bythe administrator) of a delay interval (or “alert interval”) between afirst and subsequent notifications of an event. Upon receipt of an eventnotification from an agent, for example, the manager can implement thismechanism by determining, e.g., from a database or otherwise, whether aprevious notification of was made to the administrator. If so, furthernotification is made only if the current time follows that of theprevious notification by the specified alert interval.

[0028] In further aspects, the invention provides a SAN as describedabove in which the manager maintains policies for handling eventspertaining to (i) attributes of at least selected hosts and/or (ii)establishment of relationships of at least selected hosts with one ormore storage units. A policy engine included within the manager respondsto notification of at least a selected event by effecting execution ofan action according to the policy maintained therefor.

[0029] In a related aspect, the policy engine includes a module, hereinreferred to as an automation module, that receives events from theagents and associates each event with a policy applicable to that eventto form an [event, policy] pair. For example, as discussed in moredetail below, when an agent file system monitor detects that theutilized portion of a file system associated with a managed host hasexceeded a pre-defined threshold, it transmits an event notification tothe policy engine. The policy engine determines, based on a pre-definedpolicy, whether the file system of this managed host should be extended.If the pre-defined policy calls for the extension of the file system,the policy engine identifies which LUN should be utilized and requeststhat a LUN manager assign the identified LUN to that host.

[0030] Further aspects of the invention provide systems as describedabove in which the manager maintains in a relational database atopological or other representation of the storage area network, oraspect thereof. In response, for example, to notification from an agentof addition of a component to the SAN, the manager instantiates anobject oriented programming (OOP) object reflecting attributes of thecomponent. This object, referred to below as a “manager” object can alsoinclude, for example, method members for collecting those attributes(e.g., from other databases or stores in the manager, or elsewhere). Themanager instantiates one or more further objects, referred to as “peer”objects, that store persistable data from a corresponding managerobject. These peer object are mapped into the relational database and,thereby, facilitate transfer of the persistable data to and from it.

[0031] Event Processing

[0032] The invention provides in other aspects improvements on a digitaldata processing apparatus of the type that manages a SAN and maintainsan internal representation thereof, e.g. of the topology of the SAN. Theimprovements include providing a first queue with entries representingtasks and a second queue with entries representing data for processingin connection with those tasks, where the data in the second queue isgrouped in accord with the task to which it corresponds. A managerservice updates the internal representation of the SAN (e.g., therepresentation of the SAN topology) by executing the tasks in the firstqueue one at a time, for example, atomically using a single-threadedprocess.

[0033] Further aspects of the invention provide improved apparatus asdescribed above in which the data contained in the second queueconstitute event notifications, e.g., generated by a detection servicein response to changes in the SAN. That service can receive, forexample, from agents associated with host digital data processors on theSAN, information regarding the hosts and storage devices to which theyare connected via an interconnect. In related aspects of the invention,the detection service discerns changes in the SAN and generatesnotifications by comparing information or “scans” from the agents withpreviously stored scans. One or more notifications can be generatedcorresponding to each change and transmitted to the manager forplacement on the queues. The notifications can reflect, for example,that a new host or storage device has been added to the SAN, that theattributes of such a device have been modified, that a device ismissing, and/or that a relationship between a storage device and hosthas changed.

[0034] Further aspects of the invention provide improved apparatus asdescribed above in which the manger service selectively addsnotifications received from the detection service to the second queueuntil receipt of a selected notification, e.g., indicating that theunderlying scan is complete. The service manger can, upon such receipt,generate for addition to the second queue an object-oriented programming(OOP) object, or other construct, execution of which effects processingof the prior notifications for the same underlying change detected bythe service manager.

[0035] Still further aspects of the invention provide apparatus asdescribed above in which the first (or task) queue is processed on afirst-in-first out (FIFO) basis. In related aspects, the tasks in thatqueue can be treated on a priority basis, e.g., with high priority tasksbeing executed prior to those of lower priority.

[0036] Conflict Resolution in Event Processing

[0037] Further aspects of the invention provide an improved SAN, e.g. ofthe type described above, that includes a first element that maintains afirst representation of the SAN, and a second element that maintains asecond representation of the SAN. The first element generatesnotifications of events in the SAN, e.g., addition or removal ofcomponents or relationships between components. The second elementresponds to such notifications by accessing the first representation(e.g., via the first element) and updating the second representation.

[0038] The first element can be, for example, a detection service of thetype discussed above. This maintains, according to aspects of theinvention, a representation of the SAN comprising a one-deep history ofscans received from the agents. The second element conversely can be theaforementioned manager service. It maintains, as noted above, atopological representation of the SAN. In executing tasks andnotifications in the queues described above, the service manager service(or “second element”) can access the SAN representation (e.g., scanhistory) maintained by the detection service.

[0039] In certain instances, the event notification may proveinconsistent with the topology representation maintained by the managerservice, e.g., as where the notification indicates that a relationshiphas been added between two SAN components and the topologyrepresentation does not include one of those components. Or, forexample, if the event notification indicates that a component has beenadded to the SAN and the detection service's representation includes nosuch component. In some such instances, according to aspects of theinvention, the manager service disregards the event notification. Inother instances, the manager service instigates a recovery of thetopology representation, e.g., by copying all or a portion of detectionservice representation. In the latter regard, recovery can be targetedto objects representing a specific device (and its relationships withother devices) in connection with which the inconsistency arose or, forexample, to objects representing components of the SAN in a region ofthat device, thereby, speeding the recovery process.

[0040] Event Notification with Data

[0041] Still further aspects of the invention provide an improved SAN asdescribed above in which the detection service (or first element)provides data, along with the event notification. That data ispreferably sufficient for the manager service (or second element) toupdate the second representation but, in any event, is at leastsufficient to avoid the need for the manager service to accessinformation in the first representation in order to update the secondrepresentation. Thus, for example, along with notification of a missingstorage device, the discover engine can transmit an identifier of thedevice and any other information necessary for the manager service toupdate its SAN topology database without a need to request additionaldata from the discover engine.

[0042] Further aspects of the invention provide a SAN as described abovein which the notification and event are contained in an object-orientedprogramming “object” or other construct suitable for carrying therequisite message between the detection service and manager service.

[0043] A SAN constructed and operated in accord with these aspects ofthe invention allows for maintenance of a valid topologicalrepresentation of the SAN in the manager service, without a need to lockthe scan representation in the detection service, even wherenotifications are generated asynchronously with respect to one anotherand where multiple notifications may be queued for processing. It alsoavoids the necessity of conflict resolution of the type described above.

[0044] Virtual SAN Determination

[0045] Still further aspects of the invention provide a storage areanetwork (SAN) in which one or more host digital data processors arecoupled to one or more storage devices (e.g., LUNs) by an interconnect,e.g., a fiber channel-based fabric. Switches or switch-like interfaceson the interconnect fabric define zones or regions in which certainhosts can access certain storage devices, but not other storage devices.Thus, for example, a switch in the fabric may effect two regions: oneover which a first host can access a single port on each storage devicesA and B; and another over which a second host can two ports on storagedevice B.

[0046] Scanners, e.g., operating within agents associated with thehosts, collect information regarding the regions and, more particularly,the hosts, storage devices and interconnect elements that make them up.Continuing the above example, a scanner operating on or in conjunctionwith the first host reports that it can access port 1 on storage deviceA and port 1 on B via the switch. A scanner operating on or inconjunction with the second host reports that it can access ports 1 and2 on storage device B via the switch.

[0047] A manager operating, for example, on a further digital dataprocessor disambiguates information from the regions and discerns thetopology of the portion of the SAN spanned by the regions. Thus, itidentifies as a virtual SAN elements from regions that have at least onecommon storage device port, or other interconnect endpoint, with atleast one other region. In the example above, the manager identifies, asa virtual SAN the first and second hosts, the switch, and storagedevices A (port 1) and B (ports 1 and 2)—since these are the combinedelements of the two regions have an endpoint in common, to wit, port 1of storage deviceB.

[0048] Maintenance and Removal of SAN Change Histories

[0049] The invention provides in other aspects improved storage areanetworks (SANs) that maintain an internal representation of the SAN in afirst data store and that maintains a separate store identifying changesto the SAN. A process executing, for example, in the manager digitaldata processor of the type described above utilizes the first store togenerate a display, e.g., on the operator/administrator console, of theSAN topology, its components and/or the relationships among thosecomponents (collectively, “topology”). The manager responds toinformation in the second store to identify on the display changes inthe SAN.

[0050] In related aspects, the invention provides an improved SAN asdescribed above in which the digital data processor selectivelydiscontinues identifying changes on the topology display. This can be inresponse, for example, to an operator/administrator request. At the sametime, or otherwise in connection therewith, the digital data processorcan remove the corresponding history information from the second store.

[0051] Further related aspects of the invention provide improved SANs asdescribed above in which the internal representation (or model) of theSAN is represented by objects or other data constructs (collectively,“model objects”) maintained in the first store. Each of those modelobjects can represent, for example, a respective component of the SAN ora respective interrelationship between components of the SAN. And, eachcan identify the respective component/interrelationship and itsattributes.

[0052] The second store can likewise maintain, according to furtheraspects of the invention, objects or other data constructs(collectively, “history objects”) that represent changes to the SAN.Each of those objects corresponds to a respective object in the firststore or component in the SAN (though, there typically are not as manyhistory objects as model objects or SAN components).

[0053] The history objects can reflect a status of their respectivecomponents, e.g., as “new,” “suspect,” “missing” or otherwise. Thedesignation “new” applies, for example, the SAN components orinterrelationships that have been added since the last topology display(or operator/administrator “clear history” command); the designation“suspect” to components/interrelationships whose status isinconsistently reported, e.g., by the aforementioned agents and theirrespective hosts; and the designation “missing” tocomponent/interrelationships that have been removed since the lasttopology display (or operator/administrator “clear history” command).Further statuses that can be represented by the history objects include,for example, “broken” indicating that the component is not functioningproperly; “attribute changed” indicating that an attribute of thecomponent has since the last topology display (or operator/administrator“clear history” command); “needs attention” indicating that thecomponent, though functioning properly, requires operator attention; and“moved” indicating that the component has been moved in the topologysince the last display (or operator/administrator “clear history”command).

[0054] Related aspects of the invention provide a SAN as described abovein which the status reflected by a history object is a function of thecorresponding component's prior status and its condition, e.g., asreported by a scanner or discerned by the discover engine. Thus, forexample, an object whose prior status was “broken” and which is reportedby the discover engine as being “new” is assigned a status of “suspect”in a corresponding history object.

[0055] By using separate stores for the SAN representation and thechange history, indicia of changes in the topology can generatedrapidly, without traversing the entire internal representation. Clearingof the change history can likewise be accomplished quickly, again,without traversing the internal representation.

[0056] In yet further aspects, the invention provides methods asdescribed above in which tasks on the second queue derive not only fromevent notifications received from the detection service, but also fromSAN operations, e.g., device labeling commands, requested by the systemoperator/administrator.

[0057] LUN Selection for File System Extension

[0058] Further aspects of the invention provide an improved SAN of typehaving one or more digital data processors, e.g., the aforementionedhosts, and one or more storage devices. At least a selected one of thehosts includes a file system that effects access by the host to assignedstorage devices. This can be, for example, a conventional AIX or otherhost platform file system that oversees file and other data accessesbetween the host and those assigned devices. That host can beassociated, according to these aspects of the invention, with lower andupper capacity bounds for purposes of file system extension. In responseto a request by (or on behalf of) the selected digital data processorfor extension of the file system, the manager assigns one of morefurther storage devices to that digital data processor.

[0059] In related aspects, the invention provides a SAN of the typedescribed above having a plurality of storage units and a plurality ofhost digital data processors coupled to those storage units via aninterconnect. Agents associated with each of the hosts digital dataprocessors identify attributes of any of (i) the associated host, (ii)the interconnect to which that host digital data processor is coupled,and (iii) storage units to which that host digital data processor iscoupled. The agents also respond to assignment, by a manager digitaldata processor, of a storage unit to the associated host digital dataprocessor(s) by preventing access by that host digital data processor toothers of said storage units in the SAN. At least a selected one of thehosts includes a file system and is associated with lower and uppercapacity bounds for purposes of file system extension, as describedabove. In response to a request by the agent of that host for extensionof the file system, the manager assigns one of more further storagedevices (e.g., from among a pool of storage devices accessible to thathost and otherwise available for assignment to it) to that selected hostdigital data processor.

[0060] Further aspects of the invention provide a SAN as described abovein which the manager responds to the file system extension request byidentifying a storage device from among the plurality of further storagedevices accessible to the first digital data processor having a capacityin a range between the lower capacity bound and the upper capacity bound(or, in the case of a striped RAID file system, a range between thelower capacity bound divided by (s) and the upper capacity bound dividedby (s), where (s) is the number of stripes), and assigns that storagedevice to the selected host digital data processor. Where more than onestorage device meets these capacity criterion, the manager can assign tothe selected host the storage device having the greatest capacity.

[0061] In related aspects, the invention provides a SAN as describedabove in which the manager responds to the file system extension requestby identifying and assigning to the selected host a plurality of storagedevices whose combined storage capacity that equals or exceeds the lowercapacity bound (divided by (s), for a striped RAID file system). Suchidentification and assignment of multiple devices can be effected, forexample, in instances where no single storage device, itself, hasadequate capacity. Moreover, where such identification and assignment iseffected, the manager can select among the storage devices on the basisof decreasing size. Thus, it assigns storage devices with larger storagecapacities before assigning those with smaller storage capacities.

[0062] Still further aspects of the invention provide SANs as describedabove in which the manager removes from selection any storage devicewhose assignment to the first digital data process, in response to aprevious file extension request, had failed. Related aspects of theinvention provide such SAN in which the manager assigns only storagedevices of types, e.g., pre-selected by an operator/administrator orotherwise.

[0063] Further aspects of the invention provide SAN, e.g., of the typedescribed above, that assigns storage devices for purposes of filesystem extension based on a RAID file system type of the selected hostdigital data processor and, particularly, that determines a number ofsame-sized storage devices to be assigned to the selected host based onthat file system type. For example, in one related aspect, the inventionprovides such a SAN in which the number of assigned storage devices (n)for a RAID file system having no stripes and a number of mirrorredundancies (m) is determined in accord with the relation n=m+1.

[0064] A related aspect of the invention provides a SAN as describedabove in which the number (n) of same-sized storage devices assigned toa host digital data processor having (s) stripes and no mirrorredundancies is determined in accord with the relation n=s.

[0065] A still further aspects of the invention provides a SAN asdescribed above in which the number (n) of same-sized storage devicesassigned to a host digital data processor having (s) stripes, each with(m) mirror redundancies is determined in accord with the relationn=s*(m+1).

[0066] A still further aspects of the invention provides a SAN asdescribed above in which the number (n) of same-sized storage devicesassigned to a host digital data processor having (m) mirror redundanciesspread over (s) stripes in accord with the relation n=(m+1)*s.

[0067] Rendering a SAN Topology

[0068] In further aspects, the invention provides improvements on astorage area network (“SAN”) of the type that includes one or moredigital data processors (e.g., the aforementioned hosts) that arecoupled for communication with one or more storage devices (e.g., LUNs)over an interconnect. The improvement provides a mechanism forhierarchically displaying, e.g., on the administrator console or otheroutput device, portions of the SAN topology. Particularly, the SAN isdivided into segments to facilitate display and, thereby, locatingfailing devices in the SAN. A graphical user interface displays iconsfor each SAN and divides the topology into submaps, i.e., a screen thatcontains icons—where double clicking on an icon will show another submapif the icon is not a leaf node. The SAN is divided into several types ofsegments: a switch segment contains an icon representing an individualswitch and the devices directly connected to the switch; a switch portconnected to multiple devices is represented by a loop segment. Thesegment contains an icon for the switch and the devices.

[0069] According to further aspects of the invention, the improvementprovides a process that generates for application to the output device aplurality of graphical objects that represent “segments” of the SANand/or components of the SAN, along with the interconnections betweenthem. Thus, for example, a first graphical object displayed on theoutput device can represent a first segment of the SAN. A secondgraphical object can represent either a second segment of the SAN or acomponent (e.g., host or storage device) of the SAN. And, a thirdgraphical object can represent the portion of the interconnect thatcouples the segments/component represented by the first and secondgraphical objects. The process selectively responds tooperator/administrator selection of any of the graphical objects thatrepresent a segment by regenerating the display to depict theinterconnected segments and/or components that make up that segment.

[0070] A component, in this context, refers for example to a storagedevice or a host digital data processor, while a segment refers toportion of the SAN containing multiple such interconnected components,whether represented as (i) individual components and/or (ii) one or morefurther segments.

[0071] Related aspects of the invention provide a SAN as described abovein which the process responds to operator selection of a graphicalobject representing a segment or component by displaying the attributesthereof. For example, in the case of selection of an object representinga storage device, the process can display the type and capacity of thedevice, its LUN identifier, and so forth. In the case of selection of anobject representing a segment, the process can display its location, anenumeration of its components, and so forth.

[0072] Further aspects of the invention provide a SAN as described abovein which the process displays the aforementioned graphical objects in amain presentation panel (or window) and displays further graphicalobjects—referred to here as “navigational” objects—in one or more otherpresentation panels. These navigation objects, too, represent componentsor segments of the SAN and, indeed, can correspond to the graphicalobjects displayed in the main panel. Alternatively, or in addition, thenavigational objects can correspond to the SAN root or other segmentsand or components that are not direct descendants of those representedby the graphical objects in the main panel.

[0073] Still further aspects of the invention provide SANs as describedabove in which a component having a selected status, e.g., failed, isdepicted in alternate form, e.g., with color highlighting, blinking, orso forth. Segments that contain such a component can likewise bedisplayed in an alternate form to facilitate operator identification ofthe component. Related aspects of the invention provide use of suchalternate display to highlight portions of the interconnect that havefailed or are otherwise have a selected status.

[0074] Hierarchical File System Extension Policy

[0075] Further aspects of the invention provide a storage area network(SAN) that includes a plurality of digital data processors, each with afile system that effects access to one or more storage devices coupledto the SAN, for example, via the aforementioned interconnect fabric. Aprocess (e.g., executing in the aforementioned SAN manager) responds toa file system over-extension notification from at least a selected oneof the digital data processors, e.g., by assigning a further storagedevice to that digital data processor. The type of response is, moreparticularly, determined in accord with a hierarchically defined policyinherited, in whole or in part, from one or more hierarchical groups ofwhich the digital data processor is a member.

[0076] In a related aspect, the invention provides a SAN as describedabove in which the policy used by the process in responding to thenotification is defined, in part, by a first grouping to which thatdigital data processor belongs and, in part, by a second grouping towhich that digital data processor belongs. Each of the groups is at arespective hierarchical level: the first group at a first level, and thesecond group at a second level. The first level is higher then thesecond, and the first group includes the digital data processor(s) ofthe second group, as well as at least one other digital data processor.

[0077] A still further related aspect of the invention provides a SAN asdescribed above in which the first group is associated with a first setof attributes and the second group is associated with a second set ofattributes, e.g., which form a subset of the first group. The first setdefines a default policy for digital data processors included in thefirst group. The second set overrides corresponding attributes of thefirst group and, along with the inherited (but not overridden)attributes, defines a policy for second group.

[0078] By way of non-limiting example, according to one aspect of theinvention, the selected digital data processor can be a member ofseveral hierarchical groups: a domain level group that defines thedefault file extension policy for all digital data processors in theSAN; a host-group level group that overrides some or all of the domainlevel attributes for a selected subset of the SANs digital dataprocessors; and a host level “group” that overrides some or all of theattributes for a given digital data processor. By way of furthernon-limiting example, policy-defining attributes can include whether thefile system of the digital data processor is being monitored, whetherthe file system can be extended, a threshold value for extension,storage devices onto which the file system can be extended, an extensionminimum size, an extension maximum size, and an alert interval defininghow often event notification is to be provided.

[0079] Further aspects of the invention provide a SAN as described abovein which the policy extends down to the level of the file system (i.e. aso-called file system level “group”), such that the manager process canrespond to a notification from a host digital data processor based on apolicy for a specific file system within that digital data processor.That policy can be inherited, in part, from each of the domain levelgroup, the host-group level group, and the digital data processoritself. It can also be based on attributes specified for that specificfile system, which override corresponding inherited attributes. Stillfurther aspects of the invention provide a SAN as described above inwhich a hierarchical policy as described above is implemented withrespect to other components of the SAN.

[0080] Display and Management of File System Extension Policy Hierarchy

[0081] Further aspects of the invention provide a SAN, e.g., asdescribed above, that includes one or more of the aforementioned host orother digital data processors, each having a file system that effectsaccess to one or more storage devices. Consistent with the discussionabove, each processor can be associated with multiple groups fromrespective levels of a hierarchy, e.g., a first processor group and asecond processor group descendant from the first processor group.

[0082] As above, the first group can be associated with a default fileextension policy (e.g., with attributes assigned outright to that groupand/or from a group at a still higher hierarchical level). The secondgroup can be associated with the default policy by inheritance, whichassociation can be overridden in whole or in part by attributesspecifically assigned to that level. Continuing the example above, thegroups can include any combination of the aforementioned domain levelgroup, host-group level group, host “group,” and file system “group.”

[0083] A process, e.g., executing on the aforementioned SAN manager,includes a graphical user interface that displays the processor groupsas a hierarchical tree. Along, for example, with the identities of theprocessor groups, nodes of the displayed tree list attributes of thepolicy defined for each respective group. As above, those attributes caninclude, by way of non-limiting example, whether the file system of thedigital data processor is being monitored, whether the file system canbe extended, a threshold value for extension, storage devices onto whichthe file system can be extended, an extension minimum size, an extensionmaximum size, and an alert interval defining how often eventnotification is to be provided.

[0084] In related aspects, the invention provides a SAN as describedabove in which the process displays the hierarchical tree and itsassociated nodes in a first panel on a display device, such as theoperator/administrator console. In a second panel, the process displaysinterface graphical objects, e.g., list controls, dialog boxes or othereditable fields, for modifying one or more attributes of a file systemextension policy associated with at least a selected one of theprocessor groups.

[0085] Further aspects of the invention provide a SAN as described abovein which the tree display includes at least one node identifying atleast one overriden attribute, i.e., one attribute that will beoverridden in the second processor group.

[0086] LUN Masking on Windows∩ NT and Windows™ 2000 Hosts

[0087] Further aspects of the invention provide a storage area network(SAN) as described above that uses adapter layer filters to implementlogical unit number (LUN) assignments—or, put another way, LUN masking(and unmasking)—in the host digital data processors.

[0088] According to one such aspect of the invention, the inventionprovides an improved SAN of the type having one or more digital dataprocessors, e.g., hosts of the type described above, in communicationwith one or more storage devices, e.g., LUNs. The host (or other digitaldata processor) is of the type with an operating system that utilizes(i) a port driver to define a software interface between a class driverand an adapter to which one or more of the storage devices are coupled,and (ii) a class driver that claims storage devices for access, e.g., bythe operating system and any applications programs executing therein, byinvoking the port driver to which the host is coupled, e.g., via theinterconnect fabric. The improvement comprises a software filter incommunication with the port driver and the class driver. That filterintervenes to block claiming of one or more selected storage devices bythe class driver.

[0089] In a related aspect, the invention provides a SAN as describedabove where the host executes the Windows NT™ operating system and thefilter blocks claiming of a selected storage device by returning afailure code to the class driver in response to its invocation of theport driver for purposes of claiming that storage device.

[0090] In a further related aspect, the invention provides a SAN asdescribed above where the host executes the Windows 2000™ operatingsystem and the filter blocks claiming of a selected storage device byblocking claim requests by the class driver.

[0091] A SAN manager or other functionality is provided, according tofurther aspects of the invention, for transmitting to the filteridentifiers, e.g., LUN IDs, of storage devices for which claiming is tobe any of blocked or unblocked. In a preferred such aspect, the SANmanager or other functionality loads the filter with identifiers ofstorage devices for which claiming is not to be blocked, and the filterblocks claiming of storage devices—particularly, fiber channel storagedevices—other than those so identified.

[0092] Further aspects of the invention provide a SAN as described abovewhich provides for blocking access to, or masking, a storage device towhich access had previously not been blocked. According to theseaspects, the agent or other functionality (e.g., resident on the host)masks the storage device by invalidating a disk object previouslycreated for that device. The device can later be unmasked, e.g., inresponse to an operator/administrator request, by validating that diskobject.

[0093] Still further aspects of the invention provide a SAN as describedabove which provides for unmasking a storage device to which access hadpreviously been masked. According to these aspects of the invention, thefilter responds to the manager's identifying such a storage device to beunmasked by invoking the port driver for purposes of claiming the one ormore storage devices identified by it as coupled to the selected digitaldata processor. In this regard, the filter duplicates the operation ofthe class driver, which, at system start-up, itself invokes the portdriver to claim the storage devices (listed by the port driver as)coupled to the host.

[0094] Association of LUN ID with Physical Device Object Name

[0095] Further aspects of the invention provide an improved storage areanetwork (SAN) of the type having a digital data processor, e.g., a host,in communication with one or more storage devices, e.g., a LUN and,further, of the type having a plug-and-play (PNP) manager that generatesan event in response to a change in status of at least one of thestorage devices.

[0096] The improvement is characterized, according to one aspect of theinvention, by at least a selected process, that executes on the host (orother digital data processor), which references at least a selected oneof the storage devices using a previously assigned logicalidentification, e.g., a LUN ID. The improvement is further characterizedby the selected process responding to an event generated by theplug-and-play manager by querying for information the storage device (oran interface thereto) with respect to which the event was generated.From that information, the process generates a logical identificationfor the device.

[0097] In related aspects, the invention provides a SAN as describedabove in which the PNP manager generates, along with the event, aphysical identification of the storage device with respect to which theevent was generated. The improvement is characterized by the selectedprocess referencing that physical identification in querying the storagedevice, or an interface thereto, for the aforementioned information. Ina further related aspect of the invention, the PNP manager executes atleast in part in kernel mode, while the selected process executes inuser mode. The selected process registers for, and is notified of, theevent in user mode.

[0098] Further aspects of the invention provide a SAN as described abovewhere the event signaled by the PNP signifies any of coupling ordecoupling of a storage device to/from the host.

[0099] Yet still further aspects of the invention provide a SAN asdescribed above in which the PNP manager generates, along with theevent, a reference to a data structure containing data regarding thestorage device with respect to which the event was generated. Theimprovement provides for parsing of that data by the selected process todetermine an address of the storage device. That address can be used,for example, in querying the storage device or its interface (e.g., theport driver or adapter).

[0100] Fiber Channel Device Determination in Kernel Mode

[0101] The invention provides, in further aspects, an improved storagearea network (SAN) of the type described above that has a host or otherdigital data processor whose ports are coupled to peripheral devicesthat include fiber channel or other SAN-class storage devices. Processesexecuting on the host (or other digital data processor) generaterequests for access to those peripheral devices. The improvement ischaracterized by a persistent store that identifies ports coupled toSAN-class storage devices. This store can be loaded, for example, by aprocess that executes on the host in user mode. The improvement isfurther characterized by filter, such as the aforementioned filterdriver, that executes on the host in kernel mode to block access toselected ones of those SAN-class storage devices.

[0102] In related aspects, the invention provides a SAN as describedabove in which the store, which can be retained as part of the host'sWindows™ registry, identifies ports that are coupled to a specific classof SAN storage devices, notably, fiber channel storage devices. Thefilter, commensurately, blocks access to selected ones of the fiberchannel devices. Further aspects of the invention provide a SAN asdescribed above in which the filter does not block or, more simply,passes, requests for access to peripheral devices not identified ascomprising SAN-class storage devices.

[0103] Still further aspects of the invention provide a SAN as describedabove that includes an element, for example, the aforementioned SANmanager, that designates SAN-class storage devices as assigned (orunassigned) to the host. The filter, according to this aspect, passesrequests for access to peripheral devices that are identified ascomprising SAN-class storage devices and that are designated as assignedto the host, while blocking access to those that are not assigned to thehost.

[0104] Yet still further aspects of the invention provide a SAN asdescribed above in which the host executes a user mode process, e.g., asa final phase of host boot-up, which identifies ports coupled withSAN-class—and, more specifically, fiber channel—storage devices. Theuser mode process stores that information to the registry for use by akernel mode processes running during earlier phases of a subsequent hostboot-up.

[0105] Related aspects of the invention provide a SAN as described abovein which the host includes a kernel mode process that executes, e.g.,during an initial phase of host boot-up, that validates identificationsmade by the user mode process during a prior boot-up.

[0106] Still further aspects of the invention provide a SAN as describedabove in which the filter passes requests for access to peripheraldevices for which the kernel mode process indicates the identificationis not valid, unless those requests comprise claims for access toperipheral devices that are hard disk devices that are not designated asassigned to the digital data processor.

[0107] Ensuring Validity of Data from the Scanners

[0108] Still further aspects of the invention provide a SAN, e.g., ofthe type described above having a plurality of components such as hostdigital data processors and storage devices. A store, e.g., resident ona manager digital data processor, contains one or more objects (or otherdata constructs) that represent information gathered from the hosts,i.e., scans. Further such objects represent components in the SAN and/orrelationships between and among those components. Though these objectscan be of the same type, they are referred to here for convenience asscan objects, component objects and relationship objects, respectively.A discover engine or other functionality executing on the managerdigital data processor validates information gathered from a selectedhost concerning a selected component or relationship based on a scanobject, if any, that is associated with a component object orrelationship object, respectively, corresponding pertaining to theselected component or relationship.

[0109] In related aspects, the invention provides a SAN as describedabove in which a scanner executing on each of the hosts gathersinformation—e.g., a “scan”—regarding that host and the storage devices(or other SAN components) that host can “see,” as well as relationshipstherebetween. The discover module responds, according to related aspectsof the invention, to selected changes discerned from a scan byvalidating the information from which the change was discerned. This canbe accomplished by traversing the component objects or relationshipobjects to find those for the same component or relationship,respectively, underlying the apparent change. Scans containinginformation regarding that component or relationship are identified viathe scan objects associated with any matching component or relationshipobjects.

[0110] For example, upon discerning from a scan that a storage devicehas apparently been removed, the component objects can be traversed todetermine which contain information regarding the apparently removeddevice. Scans providing information from which the change can bevalidated are identified via association of their respective scanobjects with any matching component objects founds during traversal.Those other scans can be checked to see if they are in accord with thescan in which the change was discerned and/or the scanners thatgenerated the scan(s) can be re-executed. Alternatively, according toone aspect of the invention, the apparent change is ignored upon findingany such other scans.

[0111] Further aspects of the invention provide a SAN as described abovein which the store maintains objects representing component attributes,in addition to objects representing scans, components and relationships.All of these objects, according to other aspects of the invention, canreference corresponding data in tables of attributes, scans, components,and relationships, respectively. At least one of the objects, moreover,can include a unique identifier referencing the corresponding table andthe data field therein.

[0112] Yet still further aspects of the invention provide SAN asdescribed above wherein the discover engine validates only selectedchanges discerned from the scan. Thus, for example, according to oneaspect of the invention, such an engine can validate changesrepresenting removal or decoupling of storage devices and/or removal (ormissing) relationships between components.

[0113] User Interface Architecture

[0114] The invention provides, in still further aspects, an improvedarchitecture of a digital data processor of the type used in a storagearea network (SAN). The digital data processor, which can be theaforementioned manager digital data processor, executes a process,herein referred to as a manager process, to maintain a representation ofthe SAN topology or at least an attribute thereof. A graphical outputdevice displays the SAN representation. A further process, hereinreferred to as a user interface process, controls the output device forpurposes of displaying that representation. An interface element,residing on the manager digital data processor or another dataprocessor, effects retrieval of the SAN representation, for example, inresponse to a request from the user interface process. It transmits thatrepresentation to the user interface process for display on thegraphical output device.

[0115] In a related aspect, the invention provides a SAN as describedabove in which the interface element includes a requester that receivesa request from the user interface process for retrieval of the SANrepresentation from the manager process. For example, the user interfaceprocess can transmit such a request in response to a SAN administratorcommand that the displayed topology representation be refreshed. Therequester, in turn, forwards the request to a request handler, forexample, in a mark-up language format, such as XML, for furtherprocessing.

[0116] Further aspects of the invention provide a SAN as described abovein which the interface element includes a manager daemon incommunication with the request handler and the manager process, forexample, via an object request broker. The request handler transmits therequest to the manager daemon which, in response, effects retrieval ofthe SAN representation from the manager process. The request handler cantransmit the request to the manager daemon in the same format as thatreceived from the requester. Alternatively, the request handler can mapthe request onto a generic format prior to its transmission to themanager daemon. The manager daemon can, moreover, include a controllerthat receives the request from the request handler, and communicateswith the manager process to retrieve the SAN representation.

[0117] In still further aspects, the invention provides a SAN asdescribed above in which the user interface element includes a daemonprocess, herein referred to as user interface daemon, that receives theSAN representation retrieved by the manager daemon. The user interfacedaemon, in turn, effects display of the SAN representation on thegraphical output device.

[0118] Yet still further aspects of the invention provide a SAN asdescribed above in which the manager daemon segregates a representationretrieved from the manager process, e.g., a SAN topologyrepresentations, onto a plurality of sub-representation, and transmitsthe sub-representations to the user interface daemon.

[0119] Dynamically Extending File Systems

[0120] The invention provides, in other aspects, an improved SAN of typehaving one or more digital data processors, e.g., the aforementionedhosts, and one or more storage devices. At least a selected one of thehosts includes a file system that effects access by the host to assignedstorage devices. In response to a request by (or on behalf of) theselected host for extension of the file system, a manager assigns one ofmore further storage devices to that digital data processor. An agentassociated with the first digital data processor that responds to theassignment by extending the file system to include the assigned storagedevice.

[0121] Further aspects of the invention provide a SAN as described abovein which the agent automatically extends the selected host file systemby executing one or more steps including initializing the assignedstorage device, creating a logical object to represent the assignedstorage device, adding the logical object into a logical grouping ofstorage devices that contain the file system to be extended, extending avolume size of the host file system, and increasing a size of the hostfile system. In related aspects, the agent does not extend the filesystem if any of these steps fail.

[0122] Related aspects of the invention provide a SAN as described abovein which the agent executes on an AIX journal system. Here, the agentextends the selected host file system by converting the assigned storagedevice into one or more physical volumes, adding the one or morephysical volume into a volume group of the file system to be extended,and extends the logical volume of that file system onto the assignedstorage device.

[0123] Further related aspects invention provide a SAN as describedabove in which the agent executes on a UNIX or Veritas file system (bothrunning under a Solaris operating system). Here, the agent extends theselected host file system by writing a new label to the assigned storagedevice, configuring the storage device for use with a volume manager byconverting the storage device into one or more VM disks, adding the oneor more VM disks to a disk group where a logical volume of the filesystem to be extended resides, and increasing a size of that file systemand the logical volume.

[0124] Dynamically Enabling SAN Manager

[0125] Further aspects of the invention provide a storage area networkas described above having one or more digital data processors, e.g.,hosts, in communication with one or more storage devices, e.g., LUNs. Atleast a selected one of the hosts has an operating system in which astorage device must be claimed (or mounted), e.g., via port driver andclass driver components as discussed earlier or via analogousfunctionality in other operating systems, before the storage device canbe accessed by applications programs executing on that host. Theimprovement is characterized by a selectively actuable filter, e.g.,loaded with the selected host operating system, that—whenactuated—intervenes to block claiming (or mounting) of one or moreselected storage devices.

[0126] In further aspects, the invention provides a store that maintainsa flag or other indicator, referred to elsewhere herein as an “enable”or “fully enabled” indicator. The aforementioned filter is responsive tothat indicator for selectively intervening to block claiming (ormounting) of storage devices. According to more particular aspects ofthe invention, the filter, when actuated, intervenes to block claiming(or mounting) of one or more selected storage devices by the selectedhost operating system class driver.

[0127] A graphical user interface element is provided, according toother aspects of the invention, for setting the value of the enableindicator. The interface is responsive, for example, tooperator/administrator input (e.g., selection of buttons on a console)for determining that setting, e.g., enabled or disabled.

[0128] Still further aspects of the invention provide a SAN as describedabove comprising a manager digital data processor that is coupled to atleast the selected host digital data processor. The manager responds tooperator/administrator input for transmitting software comprising afilter to the selected host.

[0129] According to related aspects of the invention, the managerdigital data processor provides for assignment of storage devices to theselected and other host digital data processors. Each of the storagedevices, according to this aspect of the invention, is associated withone or more logical unit numbers (LUNs). The manager transmits LUNs tothe filter to effect assignment of the associated storage device(s) tothe selected host digital data processor. The filter, in turn, accordingto this aspect of the invention, blocks claiming (or mounting) ofSAN-class (e.g., fiber channel) storage devices other than thoseassociated with the LUNs transmitted to the filter.

[0130] Further aspects of the invention provide a SAN as described abovein which the manager digital data processor includes a graphical userinterface that sets a value of a further indicator, referred toelsewhere herein as an “assignment enable” indicator, in the store topermit the operator/administrator to make assignments.

[0131] Launching Device Specific Applications

[0132] The invention provides, in still further aspects, a storage areanetwork (SAN) of the type described above having a plurality ofcomponents including one or more digital data processors incommunication with one or more storage devices via a switching fabric.An interface process, e.g., resident on a manager digital dataprocessor, permits the operator/administrator to effect execution of atleast a process residing on the manager and at least one processresiding on another SAN component. The latter process can be, forexample, an applications program for management of the respectivecomponent.

[0133] In another aspect, the invention provides a SAN as describedabove in which the interface process effects a topological or otherdisplay of one or more graphical objects, each representing one of theSAN components, on the graphical output device. The interface processresponds to operator/administrator selection of one of these graphicalobjects by depicting application processes, if any, residing on that SANcomponent. Execution of those processes can be effected by selection ofthose depicted processes.

[0134] The invention provides, in still further aspects, a SAN asdescribed above in which the interface process responds to the selectionof a graphical object representing a SAN component by accessing a store(e.g., maintained by the manager) identifying application processes, ifany, associated with each component. When the operator/administratorselects a component application for execution, the interface processretrieves requisite parameters, e.g., command parameters, from thedatabase, and utilizes the retrieved parameters to effect launching ofthe application on the corresponding component.

[0135] Interfacing with Multiple Host Platforms

[0136] The invention provides, in further aspects, a storage areanetwork (SAN) of the type described above having a plurality ofcomponents including digital data processors, e.g., hosts, coupled to aplurality of storage device. A common, platform-independent processexecutes on the hosts, which can be of varied platform types, e.g.,UniX™, Windows™, Solaris, and so forth. That process utilizes thecommand line interface of the host operating system to invoke at leastone platform-dependent process on the respective host.

[0137] According to related aspects of the invention, theplatform-independent and platform-dependent processes comprise portionsof the aforementioned agents. Here, the platform-independent processesrepresent those portions of the agents common to all platforms. Theplatform-dependent processes representing modules, such as drivers andscanners, specific to each platform.

[0138] In another aspect, the invention provides a SAN as describedabove in which the platform-independent processes transfer commands,data and other information to the respective platform-dependentprocesses via command line parameters of the respective hosts operatingsystem. In related aspects, the platform-dependent processes return dataand other information back to the respective platform-independentprocesses via the Standard Output and/or Standard Error of therespective host command line interface.

[0139] The invention provides, in still further aspects, a SAN asdescribed above in which the platform-independent processes invoke therespective platform-dependent processes to obtain information, e.g.,“scans,” regarding the status of SAN components. Theplatform-independent processes capture that information (e.g., returned,via Standard Output/Error of the respective host command line interface)for transfer, e.g., to a manager digital data processor.

[0140] In still another aspect, the invention provides a SAN asdescribed above in which the manager digital data processor transmitsqueries to the platform-independent processes, e.g., to effect theirexecute of scans. The platform-independent process responds to thesequeries by invoking their respective platform-dependent processes viathe command line interface of the respective host, as described above,and returning the gathered information to the manager for furtherprocessing. The manager and the platform-independent process transmitinformation to one another formatted in a format such as XML and,further, utilize Object Request Broker protocol for communication, e.g.,via a local area network.

[0141] The invention provides, in still further aspects, a SAN asdescribed above in which the manager includes a query engine forforwarding queries to the platform-independent process, and furtherincludes a registry that contains information regarding the commonplatform-independent process and the digital processor hosts associatedtherewith. The information in the register provides identifiers, forexample, IP address, for communicating with the platform-independentprocesses via their respective hosts.

[0142] Yet, still further aspects of the invention provide methods ofoperating a storage area network and components thereof paralleling theforegoing.

[0143] These and other aspects of the invention are evident in thedrawings and in the description that follows.

BRIEF DESCRIPTION OF THE DRAWINGS

[0144] A more complete understanding of the invention may be attained byreference to the drawings, in which:

[0145]FIG. 1 depicts an exemplary storage area network (SAN) managementenvironment according to the invention;

[0146]FIG. 2 is another schematic view of a SAN management environmentaccording to the invention having a manager and two consoles that allowan operator to interact with the manager;

[0147]FIG. 3 schematically depicts functional components of an exemplarymanager in a SAN management environment of the invention and those of anagent residing on a host connected to the SAN;

[0148]FIG. 4 schematically depicts that a manager and an agent residingon a host in a SAN according to the invention can run on differentplatforms and are in communication with one another;

[0149]FIG. 5 lists various services provided by an exemplary embodimentof a manager in a SAN in accord with the teachings of the invention;

[0150]FIG. 6 is a diagram illustrating a number of modules of a SANmanager of the invention and their architectural interconnectivity;

[0151]FIG. 7A schematically depicts the functionality provided by apolicy engine of a SAN manager of the invention for extending the filesystem of host connected to the SAN;

[0152]FIG. 7B schematically illustrates processing of events by thepolicy engine of FIG. 7A;

[0153]FIG. 8 is a diagram illustrating various modules for implementingLUN management services in a SAN manager according to the teachings ofthe invention;

[0154]FIG. 9 schematically illustrates that scanners running on hostsconnected to a SAN of the invention can utilize SCSI protocol to querystorage devices attached to the SAN;

[0155]FIG. 10 is a diagram illustrating a number of modules in a SAN ofthe invention that implement LUN ID generation and LUN masking;

[0156]FIG. 11 is a diagram illustrating various modules of a SAN of theinvention and the interactions among them for implementing file systemextension services;

[0157]FIG. 12 illustrate three objects in a SAN management environmentof the invention including persistable data and related to one anothervia an inheritance tree;

[0158]FIG. 13 schematically depicts a method of the invention formapping the persistable data contained in the objects of FIG. 12 onto arelational database;

[0159]FIG. 14 is a flow chart that describes the method of FIG. 13 inmore detail;

[0160]FIG. 15 illustrates that a SAN manager of the invention cancommunicate with a GUI server by utilizing an object request broker(ORB) over a TCP/IP connection;

[0161]FIG. 16 illustrates an exemplary display for displaying one ormore storage devices connected to the SAN of the invention andpresenting information regarding selected attributes thereof;

[0162]FIG. 17 illustrates a display in accord with the teachings of theinvention displaying a containment tree hierarchy including a storagedevice, a LUN contained in the storage device, and selected propertiesof the LUN;

[0163]FIG. 18 illustrates an exemplary display presented by a GUI in aSAN of the invention displaying a list of hosts connected to the SAN andLUNs accessible to a host selected from the list;

[0164]FIG. 19 illustrates the use of a GUI in a SAN of the invention forassigning a LUN to a host;

[0165]FIG. 20 illustrates use of a GUI in a SAN of the invention forunassigning and reassigning a LUN to a host,

[0166]FIG. 21 illustrates a display containing a list of accessibleLUNs;

[0167]FIG. 22 depicts a dialogue box presented in the display of FIG. 21for entering a numerical threshold for selective filtering of the LUNspresented in FIG. 21;

[0168]FIG. 23 depicts an example of a virtual SAN of the type that canbe detected by host adapters and disambiguated by a SAN manageraccording to the invention; and

[0169]FIG. 24 depicts a methodology according to the invention fordisambiguation of virtual SANs in a system according to the invention;

[0170]FIG. 25 depicts internal models maintained for purposes of SANmanagement in a system according to the invention;

[0171]FIG. 26 depicts a display presented utilizing the models depictedin FIG. 25;

[0172]FIG. 27 is a flow chart illustrating a method for responding to afile extension request issued on behalf of a host by its associatedagent;

[0173] FIGS. 28-32 depict renderings of a SAN topology in a systemaccording to the invention;

[0174]FIG. 33 depicts a hierarchical file extension policy systemaccording to the invention;

[0175]FIG. 34 depicts a graphical user interface display according tothe invention for presentation and management of the hierarchical fileextension policy of FIG. 28;

[0176]FIG. 35 depicts host file system extension in a system accordingto the invention;

[0177]FIG. 36 depicts a storage driver architecture of a Windows™ NT orWindows™ 2000 host modified in accordance with the invention;

[0178]FIG. 37 depicts a mechanism for validating changes in the discoverengine of a system according to the invention;

[0179]FIG. 38 depicts functional components of an exemplary SAN daemonin a system according to the invention;

[0180]FIG. 39 depicts a flow of information in a system according to theinvention in response to a administrator's request to refresh a topologydisplay;

[0181]FIG. 40 depicts a manner in which new topology data is transmittedfrom a SAN manager service to a user interface module in a systemaccording to the invention;

[0182]FIG. 41 depicts a storage driver architecture of a Windows™ NT orWindows™ 2000 modified in accordance with the invention for kernel levelfiber channel detection;

[0183]FIG. 42 is a data flow diagram depicting execution of applicationsprocesses by the SAN manager console in a system according to theinvention; and

[0184]FIG. 43 depicts an architecture for host/agent communication andinterfacing in a system according to the invention.

DETAILED DESCRIPTION OF THE ILLUSTRATED EMBODIMENT

[0185] The illustrated embodiment provides inter alia for management ofa storage area network (SAN) generally having a plurality of hosts thatare coupled with one or more storage devices via an interconnect fabricfor purposes of storing and retrieving information. The embodimentutilizes a manager and one or more agents, each of the latter beingassociated with at least one of the hosts and serving as “proxies” forthe manager, gathering status, attributes and other such informationregarding the hosts, the storage devices, and the interconnect fabric.The manager collates that information to discern the makeup, topologyand status of the SAN and its components, to apprise an administrator orother operator of the same (and of changes thereto), and to implement anadministrator-defined or other policy, e.g., by way of non-limitingexample, for assignment and unassignment of storage devices (e.g.,logical units) to the hosts.

[0186]FIG. 1 illustrates an exemplary storage network managementenvironment 10 according to the present invention in which a pluralityof hosts 12 a, 12 b, and 12 c, herein collectively referred to as hosts12 or alternatively as managed hosts 12 communicate with a plurality ofstorage devices 14 a, 14 b, and 14 c, herein collectively referred to asstorage devices 14, via an interconnect fabric 16 having a plurality ofinterconnect elements, such as, a switch 16 a. Though hosts 12 aretypically web or file servers (for client computers which are not shownin the drawing), graphical workstations and so forth, they may compriseany digital data device that accesses and/or stores (collectively,“accesses”) information on the storage devices 14. The hosts, moreover,may run a variety of operating systems, by way of non-limiting example,Windows 2000, Windows NT, Solaris, and Linux. The hosts are constructedand operated in the conventional manner known in the art, as modified inaccord with the teachings herein (by way of non-limiting example,through incorporation of agent functionality as described in stillfurther detail below).

[0187] Storage devices 14 comprise apparatus for storing and/orretrieving data. These typically comprise disk drives and arrays of thetype conventionally used in storage area networks, though any variety ofstorage devices may be used for this purpose. Illustrated devices 14 areconstructed and operated in the conventional manner as modified inaccord with the teachings herein.

[0188] Per convention, physical storage devices, e.g., a single diskdrive or an array of disk drives, are logically divided or grouped in tological units. This is typically accomplished via a controller (notshown) associated with each physical device. The controller isconfigured for this purpose by an administrator, by factory default, orotherwise, in a manner conventional in the art and not further discussedherein. Once configured, the controller responds to queries (e.g.,directed to Page 83 h and/or Standard Page commands of the SCSIprotocol) to identify the logical units—typically by way of, forexample, an identifier referred to as a logical unit number or LUN—and(to the extent relevant) the physical device(s) on which they arecontained.

[0189] The controller attends to data accesses directed to those logicalunits by retrieving and/or storing data at locations allocated to thoseunits within the physical devices—typically, without applicationsprogram, file system or operating system concern for the specifics (oreven the existence) of such allocations. In this light, unless otherwiseevident from context, the term “storage device” in relation to theillustrated embodiment refers to logical units, though in alternateembodiments it can refer to physical devices.

[0190] In the illustrated embodiment, hosts 12 are coupled forcommunication with one another, as well as with a SAN manager 20, via alocal area network (LAN) 18 that utilizes the TCP/IP protocol. Othernetworks configurations, types and/or protocols may be used for thispurpose, including, by way of non-limiting example, wide area networks,metropolitan area networks, regardless of media (wired, wireless,satellite or otherwise) and protocol.

[0191] Hosts 12 are coupled to storage devices 14 via interconnect 16for purposes of transferring data and commands therebetween. In theillustrated embodiment interconnect 16 comprises a fiber channel fabric,including fiber channel media, switches, and other componentrynecessary, typical and/or otherwise used to provide fiber channelconnectivity between the illustrated devices 12, 14. In alternativeembodiments, interconnect 16 utilizes other fabrics, networks or othercommunications media for transfers between hosts 12 and devices 14, withhigh-speed fabrics. Indeed, such transfers can be conducted over LAN 18,which also couples these devices.

[0192] SAN Manager and Agents

[0193] The illustrative SAN environment 10 includes a SAN manager 20that can include one or more software modules that collectively manageSAN 10 by collating that information to discern the makeup, topology andstatus of the SAN and its components, to apprise an administrator orother operator of the same (and of changes thereto), and to implement anadministrator-defined or other policy, e.g., by way of non-limitingexample, for assignment and unassignment of storage devices to thehosts. These software modules can reside on a common digital dataprocessor platform, or can alternatively be distributed over a number ofdifferent platforms. Those platforms may comprise any digital dataprocessor suitable for connectivity, e.g., with the hosts 12 (via theagents), as illustrated and otherwise for programming, configurationand/or operation in the role of a manager, as described below.

[0194] The illustrated manager 20 is connected to the hosts 12 and tothe storage devices 14 via the LAN 18. A connection (not illustrated) tothe storage devices can also be provided through the interconnect 16. Asdescribed in more detail below, the manager 20 communicates with aplurality of agents, each of which resides on one of the hosts 12, todiscover and gather information about the hosts, the interconnectfabric, and/or the storage devices. This can include inband discovery,i.e., utilization of the hosts (via the agents) to gather informationregarding inter alia the storage devices and interconnect fabric viaqueries through the respective host bus adapters (HBAs), or otherrespective interconnect 16 interfaces. It can also include outbanddiscovery, e.g., utilization of the agents to gather hoststatus/configuration information from the hosts themselves and/or togather storage device status/configuration information from the storagedevices themselves (e.g., using an SNMP protocol).

[0195] As shown in FIG. 2, a SAN management environment according to theinvention can include one or more consoles, such as consoles 22 a and 22b, to present/accept information to/from an operator, such as a SANadministrator. Of course, other human machine interface (HMI) devices ofthe variety known in the art may be used in addition or instead (e.g.,personal digital assistants, teletype terminals, touch pads, and soforth). To this end, SAN manager 20 can utilize a graphical userinterface (GUI) to drive information to the operator/administratorconsole and/or collect information therefrom. For example, the managerGUI can present a SAN topology on a console 22 and accept therefromoperator commands regarding host-to-storage device assignments orunassignment. Though reference is made throughout the specification tographical user interfaces and GUIs, those skilled in the art willappreciate that this embraces non-graphical (e.g., textual orvoice-synthesized) interfaces, where otherwise appropriate in view ofcontext.

[0196] As discussed above, the manager 20 communicates with a pluralityof agents, each of which is associated with one of the hosts 12, togather information regarding attributes of the SAN. The manager 20collates and utilizes this information to manage the SAN (e.g., interalia, to discern the makeup, topology, and status of the SAN and itscomponents, to apprise an administrator or other operator of the sameand of changes thereto, and to implement an administrator-defined orother policy)

[0197]FIG. 3 schematically depicts functional components of the manager20 and an agent 24 in the illustrated embodiment of the invention. Inparticular, the manager 20 includes a policy manager module 26, alogical unit number (LUN) manager module 28, a SAN topology managermodule 30, and a host manager module 32. In addition, the manager 20includes a module 34 for providing kernel services, and a graphical userinterface 36. The functionality of the modules can, of course, bedivided differently.

[0198] Turning now to FIG. 5, the services provided by the manager 20can generally be grouped into Network management, LUN management, FileSystem monitoring and extension and general services. An exemplary listof some of these services follows:

[0199] SANDBParms. Utility Service used for accessing database tables.Used by File Monitoring/Extension and LUN Management functions.

[0200] SANEvent. Utility Service that extends the TKS event service byproviding logging and SNMP/TEC event forwarding.

[0201] SANEventCorrelatorFactory. Converts SNMP traps, reported by theOutband Change Agent, and HBA detected events, reported by the InbandChange Agents, into TSNM events. Also publishes the events.

[0202] SANHostMgr. Maintains the list of Managed Hosts by receivinginformation from the SANAgentHostQuery services.

[0203] SANIndex. Utility Service used to maintain indices for accessinginformation in database tables. This service is utilized in conjunctionwith SANDBParms, and is used by File Monitoring/Extension and LUNManagement functions.

[0204] SANLicense. Maintains the current license state (try and buy,fully licensed, not licensed)

[0205] SANLunMgr. Service that maintains the LUN assignments.

[0206] SANManagerService. Service that maintains the SAN topology andattribute information.

[0207] SANQueryEngine. Generic service that maintains a list of queriesto be performed against a set of inband and outband agents and performsthe queries through the SANAgentScanners and Outband Scanners.

[0208] SANStorAuto. Service that maintains the file monitoring andextension policy. Receives events from the SANAgentFSMonitor agent andperforms the extension actions through the SANAgentFSExtend.

[0209] The agents 24 provide serve as proxies for the manager, providingservices such as host file system monitoring, implementation of LUNassignment (e.g., via masking of non-assigned LUNs), and, as notedpreviously, discovery of host, storage device and/or interconnect fabriccomponents connected to the host on which the agent resides.

[0210] Each of the illustrated agents includes an agent framework andseveral subagents, though alternate divisions of functionality may beutilized in other embodiments. A subagent represents a major service orfunction. Such a service or function can relate, for example, to hostLUN masking via a host Device Driver, as discussed in more detail below.Alternatively, a subagent can scan a host attributes. In one embodimentof the invention, an object oriented programming language, such as,Java, is utilized for implementing the agent framework and subagents.

[0211] In the illustrated embodiment, the agents provide the serviceslisted below. Greater or fewer services may be provided in agents ofalternative embodiments:

[0212] SANAgentDiskPool. Service that receives LUN assignments from theSANLunMgr service and sends the requests to the SAN Disk Manager AgentInterface.

[0213] SANAgentFSExtend. Service that receives extension requests fromthe SanStorAuto service and extends the specified file system to thespecified physical volumes.

[0214] SANAgentFSMonitor. Service that monitors the File Systemutilization and posts events if the monitoring policy is exceeded.

[0215] SANAgentHostQuery. Service that sends host information to theHost Manager Service. Maintains a heartbeat healthcheck with the HostManager Service.

[0216] SANAgentnbandChangeAgent. Service that receives events from theEvent Scanner and sends the information to the Event Correlator Service.Maintains a heartbeat healthcheck with the Event Correlator Service.

[0217] SANAgentScanner. Service that receives scan requests from theQuery Engine, sets up the environment for the scanner executables,executes the scanners and returns the results.

[0218] SANAgentScheduler. Service used by the other agent services,which maintains a schedule of activity requests and initiates actions.

[0219] SdaDiskPool. Executable that performs LUN assignments at aplatform dependent level. Some platforms require at least one filterdevice driver to mask unavailable LUNs at boot. Dependent upon thespecifics of the platform, the filter fails attempts by the host filesystem to mount unassigned LUNs and, thereby, prevents I/O with them.

[0220] Msdiscover. Executable that performs Management Server queries tothe switches in order to obtain the topology information.

[0221] Sandiscover. Executable that performs operating system queries tothe managed host and SCSI queries to the endpoint devices in order toobtain attribute information.

[0222] Event & EventDaemon, Event Protocol Driver (AIX). Executable anddaemon that perform HBA queries in order to obtain event information.

[0223] Referring back to FIG. 4, the manager 20 and each agent, such asthe agent 24, can run on platforms having different operating systems,such as, Windows NT, Solaris, etc. Further, the manager can communicatewith an agent by utilizing object request broker-based (ORB-based)function calls with XML over a TCP/IP connection (though, an alternativeprotocol, such as HTTP can be used instead of the ORB calls). Moreover,a format other than XML can be used to transmit data and requestsbetween the manager and agents. An abbreviated example of XML containedin an agent's response to a request from the SAN manager is providedbelow:

[0224] <?xml version=“1.0”?>

[0225] <DOCTYPE LegacyXml SYSTEM “legacy.dtd”>

[0226] <LegacyXml>

[0227] <SystemXml>

[0228]<UniqueldXml>SystemXml:SystemXml:saigon.sanjose.ibm.com</UniqueldXml>

[0229] <ParameterXml>

[0230] <NameXml>Hostname</NameXml>

[0231] <ValueXml>saigon.sanjose.ibm.com</ValueXml>

[0232] </ParameterXml>

[0233] <ParameterXml>

[0234] <NameXml>IP Address</NameXml>

[0235] <ValueXml>9.113.212.78</ValueXml>

[0236] </ParameterXml>

[0237]FIG. 6 schematically illustrates the architecture of an exemplarymanager 20. The manager 20 includes a SAN Manager Service module 38 that(a) effects decisions (e.g., host-to-storage device assignment) onbehalf of the SAN in view of policy established by theoperator/administrator; (b) correlates the aforementioned inband andoutband data into a single composite view (e.g., component makeup andtopology) of the SAN, and (c) serves as a primary interface to theadministrator and to other applications.

[0238] LUN/SAN Topology Discovery

[0239] SAN Manager Service 38 assigns tasks to the illustrated engines,such as, discover engine or engines 40, and reassigns the assignedtasks, if needed, based on changes, e.g., in the interconnect fabriccomponents, services load and operator/administrator requests. Further,the SAN Manager Service 38 performs the aforementioned correlationfunction. For example, as discussed in more detail below, each discoverengine 40 can provide a portion of information regarding the topology ofthe SAN based on its scope. Some of this information may overlapinformation provided by other discover engines or may complement it. Forexample, a host may contain Fiber channel (FC) host bus adapters (HBA)and SSA HBA. Consequently, both the FC discover engine and the SSAdiscover engine can detect and report information regarding this host.The Manager Service 38 collates such fragmentary pieces of informationreceived from the various discover engines to obtain a composite imageof the topology of the SAN.

[0240] In addition to creating a composite image of the SAN, the SANManager Service 38 provides a high level interface with otherapplications for accessing this composite image. Thus, the SAN Manager‘owns’ the objects in the composite image and provides references thatother applications can utilize to access these objects, such as areference to the fabric level objects which contain the componentobjects.

[0241] With continuing reference to FIG. 6, the SAN manager 20 includesone or more fiber channel (FC) discover engines, such as the discoverengine 40 responsible for gathering topology and attribute informationfor the SAN components. The FC discover engine is subdivided into thefollowing functional areas: (1) Control: which coordinates the activityof the other areas; (2) Correlations: which pulls together theinformation from various subprocesses and creates a composite imagewithin the scope of a single discover engine, and (c) Attributes: whichprocesses the information from various attribute scanners, as describedin more detail below (in addition to processing attribute informationfrom upper level protocol commands utilized by the scanners, theattribute processor also identifies some topology information based oninferences from the devices available to the host systems); (4)Topology: which processes the information from the Topology scanners(inband and outband).

[0242] The discover engine 40 receives and processes informationgathered by one or more scanners, such as scanner 42, which areexecutables that interact with the hosts by performing system calls andIOCTL calls to gather information. Since each scanner needs to directlyinteract with the operating system of the host on which it resides, eachscanner is custom to the operating system of its host, and hence may notbe portable. To restrict this non-portability, each scanner runs withinan environment set up by a Scanner Subagent, such as exemplary subagent44, and returns information to the subagent, which in turn forwards theinformation to other services.

[0243] The function of gathering information can be split among severalscanners, for example, an attribute scanner and a topology scanner. Anattribute scanner can execute queries received from an attributediscover processor 40 a of the discover engine 40. This can includeissuing Name Server Queries, walking loops and issuing upper levelprotocol queries. This can result in gathering host and deviceattributes as well as rudimentary topology information, e.g.,connectivity group level information. The attribute scanner also gathersfile system level information used by Storage Automation agents. Thetopology scanner executes queries received from a Topology ScannerProcessor 40 b. This includes issuing Management Server/Name Serverqueries and RNID queries.

[0244] The discover engine 40 has preferably a separate process for eachtype of scanner. For example, the attribute scanner information isprocessed by the attribute processor 40 a that understands the format ofinformation received from the attribute scanner. Each discover engine isresponsible for presenting an image to the SAN Manager of the objectswithin its scope. Thus, the discover engine 40 receives events andperforms rediscovery and/or gathers attributes to update a SAN image.Since the discover engines are distributed, or at least have thecapability to be distributed, they need not automatically extend theirscopes. If a discover engine detects additional information beyond itsscope, it will report it to the SAN Manager process which determineswhether the discover engine should expand its scope or the new datashould be covered by another discover engine.

[0245] The SAN Manager 20 can also include a query engine 46 that is ahelper service which manages inband and outband scan requests. A client,such as the discover engine 40, registers scan requests with the QueryEngine 46 which specifies target, scanner name and period of executioninformation. The query engine 46 coordinates running of the scanners andreturning information to the client. A portion of the query engine 46includes outband scanners which perform Simple Topology and Topologyscans.

[0246] A Simple Topology scanner gathers interconnect elementinformation by utilizing FE MIB queries. This provides rudimentaryswitch information that can be combined with inband attribute scannerinformation to identify which switches constitute the individual SANs.An outband Topology scanner provides the same information as the inbandTopology scanner, with the exception of zone information, using the FCMGMT MIB and FE MIB. This scanner provides connection level information.

[0247] With continuing reference to FIG. 6, an Event Correlator 48 isresponsible for ensuring that Event SubAgents are running, creating richSAN management events from the raw event information provided by theEvent SubAgents or in SNMP traps and delivery of the SAN managementevent to interested services via an event service 50. The informationreceived from the Event Subagent or provided in the SNMP trap may beself-contained. However, in most cases, it will require processing toprovide a richer SAN management event that can be used by variousservices. As an example, an SNMP trap from an IP address will need to bemapped to an object in the SAN Manager's composite image and parsedbased on the MIB associated with that object type (e.g., once it hasbeen determined that a trap came from a Brocade switch, the Brocadeswitch MIB is utilized to determine the meaning of the trap).

[0248] SAN Manager Console

[0249] The exemplary manager 20 can also include a console, hereinreferred to as SAN manager console 52, herein referred to as Netviewconsole 52. A Netview server 54, a Netview Daemon 56, a SAN managerDaemon 58, a Netview Requester 60, and a Console Request handler 62allow the Netview console 52 to interact with the SAN manager service38.

[0250] The NetView server 54 and console 52 provide a topology consolefor SAN Manager. The primary interface for SAN Manager into the NetViewServer uses interfaces provided by a gtmd daemon. The server maintains apersistent store of the information that can be displayed by the NetViewconsole X and/or NetView Java Client 64.

[0251] Another interface between the SAN Management applications and theNetView server/console is the SNMP Trap interface. The Event Service canbe configured to send SNMP Traps to the NetView Server 54 which will bedisplayed on the NetView console 52.

[0252] The SAN Manager/NetView daemons 56/58 provide a bridge betweenSAN Manager services and NetView. The SAN Manager daemon 58 cancommunicate with the SAN Manager service 38 by utilizing, for example, aVoyager ORB interface. The NetView daemon 56 can communicate withNetView server 54 by utilizing, the gtmd interfaces, NVOT, OVW andOVWDB. These are C interfaces requiring that the daemon also bridge fromJava to C. The mapper portion of the daemon is responsible for mappingthe entity objects in the SAN Manager composite image into the NetViewserver. Although in some embodiments of the invention, the daemon doesnot have a persistent store of the information sent to the Netview, itcan have such a store of information to optimize communication.

[0253] Communication from NetView to SAN Manager is initiated throughthe NetView Requester 60, which is an executable launched by the NetViewconsole 52. This executable receives callback requests from NetView andforwards these requests to the Console Request Handler 62.

[0254] Communication from NetView to SAN Manager can be performed by theConsole Request Handler Application. Although shown as a single block,the launched application performs several distinct functions and may beimplemented as separate applications. In some embodiments, all menuoperations, such as launching a management application, are performedvia the Console Request Handler 62. Additionally, any custom screens ordialogs, such as an administration console, can be part of the RequestHandler. The Console Request Handler 62 communicates with the SANManager and other services via the NetView daemon. Although the Netviewdaemon and the Console Request Handler are shown as separate blocks,they are preferably packaged as a single service.

[0255] Policy Engine and Action Automation

[0256] Illustrated SAN manager 20 detects whether a host 12 has exceededa utilization threshold of its file system (e.g., as defined by the hostoperating system, the SAN administrator, or otherwise), and dynamicallyassigns new LUNs to that host. This function of the SAN manager isherein referred to as storage automation service. As shown in FIGS. 7Aand 7B, the SAN manager can include a policy engine 38a that isresponsible for carrying out policies relating to assignment of LUNs tohosts based on criteria set by the SAN administrator. In particular, thepolicy engine is responsible for deciding whether or not to assign LUNsto a host, which LUNs should be assigned and whether or not to issue analert.

[0257] With reference to FIG. 7B, more generally, the policy engine 38 aprocesses events. In particular, the policy engine maps (event, policy)pairs to an action generator 66 and maps actions received from theaction generator 66 to an action handler 68. An automation module 70provides the association between an event and a policy that applies tothat event. The event and policy objects are passed to the policy enginewhich consults its map to find any action generators that have beenregistered to handle the given (event, policy) pair.

[0258] The automation module 70 includes a set of classes (usually froma single Java package) that provide functionality in the policy engineframework. The following classes are utilized:

[0259] IpolicyAutomationControl. Classes that implement this interfaceinitialize the automation modules by creating subscribers andregistering action generators and action handlers with the policyengine. This interface can be implemented to create an automationmodule.

[0260] IactionGenerator. Classes that implement this interface alsoimplement a generatActions method by convention. This method can taketwo parameters. The first is an event class that implements IpolicyEventand the second is a policy class that implements IPolicy. ThegenerateActions method will evaluate the policy as it applies to theevent and will generate action objections as appropriate. The generateaction objects will be passed back to the policy engine which willdispatch them to the appropriate action handler.

[0261] IactionHandler. Classes that implement this interface alsoimplement a handle action method which takes as its sole parameter aclass which implements IpoliyAction. The action handler will execute theappropriate measures for the given action.

[0262] IPolicy, IPolicyEvent, Ipolicyaction. Classes that implementthese interfaces wrap information that the action generators and actionhandlers need in order to perform their functions.

[0263] During startup, the policy engine 38 a reads a list of classesfrom its preferences. Each class implements IpolicyAutomationControl andrepresents an automation module. The policy engine will create aninstance of each class and call its initialize( ) method, which isresponsible for registering action generators and action handlers. Inaddition, the initialize( ) method can also create subscribers forcertain types of events from the event subsystem. These events can formpart of the input to the policy engine.

[0264] With reference to FIG. 7A, one type of event handled by thepolicy engine is indicative of the file system of a host having exceededa threshold (FILESYSTEM_THRESHOLD_EXCEEDED). That is, the ratio of theused space to the total capacity of a file system or logical drive hasexceeded a defined threshold. A threshold subagent can raise such anevent when the threshold has been exceeded. Upon receipt of such anevent, an action handler, i.e., created by the policy engine based on(event, policy) pair, will determine whether or not to raise an alert.

[0265] This decision can be made as follows:

[0266] Step 1)

[0267] Determine values for Monitor, Extend, Maximum file system size,Threshold, Alert Interval, and File System Extension Criteria byquerying the policy database. Start by filling in any specific filesystem settings, then up through Hosts and Host Groups. Anything not yetdetermined should be set to the Enterprise defaults (values notexplicitly set will propagate up through the hierarchy).

[0268] Step 2)

[0269] If Monitor value is no, exit.

[0270] Step 3)

[0271] Compare observed utilization (used space/capacity) as reported inthe event to the defined threshold. If the observed utilization is notgreater than the defined threshold, exit—no alert is raised and no LUNis assigned. Update the agent.

[0272] Step 4)

[0273] If this is not extendable file system go to step 5, else go tostep 6.

[0274] Step 5)

[0275] Determine the amount of time, T, that has elapsed since an alertwas raised for this condition and compare that to the alert intervalstored in the policy database. If T is less than the alert interval, noalert is raised, otherwise indicate an alert should be raised and recordthe time it was done. Then exit.

[0276] Step 6)

[0277] If this file system has reached its maximum file system size sendan alert, else go to step 7.

[0278] Step 7)

[0279] Attempt to extend the file system, as follows:

[0280] (i) Obtain the list of available LUNs matching the LUN typedefined for the host from the SAN Disk Manager

[0281] (ii) If the list is empty, exit-no LUN is assigned, raise analert and log that there are no LUNs of this type available.

[0282] (iii) Sort the list by size in descending order.

[0283] (iv) Traverse the list until a LUN is found that is less than orequal to File System Extension upper bound but greater than or equal toFile System Extension lower bound. If one is found, the selectionprocess ends, and that LUN is used for assignment.

[0284] (v) If a LUN was not selected in step 7 (iv), and there are LUNsin the list that are smaller than File System Extension lower bound,select multiple LUNs from the list until the total capacity of theselected LUNs exceeds File System Extension lower bound, but is lessthan File System Extension upper bound if no combination of LUNs can bebuilt to satisfy the LUN Assignment Criteria (File System Extensionlower bound<combined capacity of selected LUNs<File System Extensionupper bound), the selection process ends, and no LUNs are assigned, andan alert is raised and logged.

[0285] Step 8)

[0286] Returns one or more LUNs to be assigned to the Storage AutomationService.

[0287] LUN Management

[0288] The SAN manager 20, as noted above, provides LUN management forthe SAN 10. This includes disambiguating logical unit identificationinformation supplied by the agents (e.g., from inband discovery),assigning LUNs to hosts in manner consistent with policy defined by anadministrator or otherwise (and effecting those assignments via theagents), deallocating LUNs, e.g., at operator/administrator request.

[0289]FIG. 8 illustrates various modules in the SAN manager thatimplement LUN management services. A SAN host manager module(SANHostMgr) 68 maintains a list of managed hosts, for example, by IPaddress, in a Host Table. This list enumerates machines configured asmanaged hosts. A SAN agent host query module (SANAgentHostQuery) 70provides host identification information at startup and on demand to theSANHostMgr 68. For example, at start of service, it sends AgentRegistration Event to the SANHostMgr 68. Further, it can be called byservices, such as, SANHostMgr 68, SAN LUN Manager module (SANLunMgr) 72,or other services, to provide host information. The SAN LUN managermodule (SANLunMgr) 72 maintains a list of Host-LUN assignments, forexample, by IP address or LUN ID, is an Assignment Table. This list istypically frequently updated by function calls from other services, suchas, GUI or SAN Automation. It is also occasionally updated according toconditions reported by a SAN Agent Disk Pool service module 74.

[0290] The SANLunMgr 72 also monitors and reports the existence ofSAN-attached hosts that do not have LUN masking enabled. These hosts,herein referred to as called “Rogue Hosts”, can potentially compromisethe SAN data integrity and security. Rogue hosts that are known to theSANHostMgr X are called “LUN Manager Rogue Hosts.” Those known only tothe SAN manager are called “SAN Manager Rogue Hosts.” SANLunMgr canenumerate LUN Manager Rogue hosts, and can provide an “existence”notification for the Rogue hosts. A list of the LUN Manager Rogue hostsis kept in a Rogue Host Table. The SANLunMgr 72 can also include aproperty change listener that adjusts SANAgentDisk polling interval, andenables Rogue Host handling only when SANAgentDiskPool agents are“deployed”. It further queries SANAgentDiskPool for agent status,updates Rogue Host Table, queries SANManager for SAN Manager Hoststatus, and notifies other services (GUI) of change in SAN Manager RogueHost status.

[0291] With continuing reference to FIG. 8, the SANAgentDiskPool 74provides basic host information to the SANLunMgr 72, services request toassign and un-assign LUNs, and refreshes LUN assignments according tothe current status recorded in the Assignment Table.

[0292] LUN IDs

[0293] In the illustrated embodiment, scanners running on the hostsquery the storage devices to gather raw information regardingattributes, e.g., logical units, of the storage devices. The scannerstransmit this raw information via the agents to the SAN manager, whichutilizes this information along with an algorithm and supportinformation, as well as previous scan information, to assign identifiersto the storage logical units, as described in more detail below. The SANmanager passes the LUN ID information as well as an algorithmidentifier, for example, through a Disk Manager, to filter driversassociated with the hosts. These filter drivers intervene whenever thehost file system or operating system attempt to mount a storage deviceon the interconnect fabric, failing all attempts except those forassigned LUNs.

[0294] With reference to FIGS. 9 and 10, in this illustrated embodiment,the scanners running on exemplary managed hosts 12 a-12 c, such as anAttribute Scanner 42 a, utilize Page 83 h and/or Standard Page commandsof SCSI protocol to query exemplary storage devices 14 a, 14 b, 14 c,and 14 d regarding attributes of storage logical units present on thesedevices. Vendor and product identification data can be separated intothe following distinct fields:

[0295] (Unique ID) Unique ID generated as “LunXml:”+node WWN+“LUN”+lun#

[0296] (Vendor ID) Vendor ID from Standard Inquiry fields 8-15

[0297] (Product ID) Product ID from Standard Inquiry fields 16-31

[0298] (Revision) Revision level from Standard Inquiry fields 32-35

[0299] (rawSTDdata) STD data is the entire set of Standard Inquiry datareturned by the device.

[0300] (raw83data) 83 h data is the entire set of Inquiry VPD page 83 hreturned by the device. If the device does not support page 83 h, thenthe raw83data stanza will not be included in the data.

[0301] While those skilled in the art will appreciate that othercombinations of fields may be used, the UniqueID, VendorID, Product ID,Revision, rawSTDdata and raw83data are returned in the manager portionof the scanner results. The raw STDdata and raw83data are also returnedin the Storage Automation portion of the scanner results. The unique IDfield is utilized for relative identification within the XML.Identifying the logical unit based on reporting node WWN may result inidentification of the same LUN in the XML data multiple times withdistinct unique IDs. These LUNs will be resolved into a single entity atthe manager level applying the LUN ID algorithms, described below.

[0302] The Attribute Scanner 42 a reports the raw device Page 83 h andStandard Page data to a Storage Automation Policy Agent 74 that callsthe SAN Manager 20 to convert this raw data into LUN IDs.

[0303] The SAN manager generates LUN IDs, as discussed in more detailbelow, from the raw data received from the policy Agent. If the SANmanager fails to generate distinguishable LUN IDs, it flags the deviceand the LUN associated therewith, and publishes an event. The SANmanager further sends the generated LUN IDs to a Disk Manager 76 and theSAN Manager GUI 20 a.

[0304] The general format of a LUN ID formed by the SAN manager is acombination of an algorithm identifier, a vendor ID, a product ID, andan ID number that can be, for example, the serial number of a device.Although the world wide ID returned in the page 83 h information isgenerally sufficient to guarantee uniqueness, the algorithm identifieris included to ensure uniqueness across algorithms. Further, the vendorID and the product ID are employed to ensure uniqueness across vendorand product families.

[0305] Although a LUN ID is composed of various fields, it is nottypically intended to be parsed for accessing its individual fields. Insome embodiments, the LUN IDs will be 113 characters in length whenrepresented in percent (%) notation and will be padded with trailingspaces, if necessary. Though alternate embodiments may use differentfield and overall lengths, in the illustrated embodiment, the 113character limit ensures that the LUN IDs can be persisted as uniqueidentifiers within the SAN manager persistence service. In theillustrated embodiment described herein, the lengths of various portionsof a LUN ID is as follows algorithm identifier 2 characters; vendor ID 8characters; product ID 16 characters; Id number 29-87 charactersdepending on % conversion usage.

[0306] Various exemplary algorithms utilized by the SAN manager to formunique LUN are described below. Each is based on different data obtainedfrom Page 83 h or from the Standard Inquiry page of the storage devices:

[0307] LUN Generation Using Page 83 h Data-Type 1 (0)

[0308] Page 83 h may contain one or more one or more identifiers. Theprocess for all of the Page 83 h queries is to parse the page and stepthrough the list of Identification Descriptors until a match isencountered. The validity of generating a LUN ID with this algorithm isverified by comparing the following fields: Field Value Byte 0(reserved/code set) of the Identification ‘01’ or ‘02’ Descriptor frompage 83h Byte 1 (reserved/association/ID type) of the ‘01’Identification Descriptor from page 83h

[0309] The LUN ID is generated by concatenating the following fields:Field Value Algorithm ‘00’ Vendor ID Bytes 8-15 of Standard Inquiry DataProduct ID Bytes 16-31 of Standard Inquiry Data ID Bytes 4-n of theIdentification Descriptor from page 83h

[0310] LUN Generation Using Page 83 h Data-Type 2 (1)

[0311] The validity of generating a LUN ID with this algorithm isverified by comparing the following fields: Field Value Byte 0 of theIdentification Descriptor ‘01’ or ‘02’ from page 83h Byte 1 of theIdentification Descriptor ‘02’ from page 83h

[0312] The LUN ID is generated by concatenating the following fields:Field Value Algorithm ‘01’ Vendor ID Bytes 8-15 of Standard Inquiry DataProduct ID Bytes 16-31 of Standard Inquiry Data ID Bytes 4-n of theIdentification Descriptor from page 83h

[0313] LUN Generation Using Page 83 h Data-Type 3 (2)

[0314] The validity of generating a LUN ID with this algorithm isverified by comparing the following fields: Field Value Byte 0 of theIdentification Descriptor ‘01’ or ‘02’ from page 83h Byte 1 of theIdentification Descriptor ‘03’ from page 83h

[0315] The LUN ID is generated by concatenating the following fields:Field Value Algorithm ‘02’ Vendor ID Bytes 8-15 of Standard Inquiry DataProduct ID Bytes 16-31 of Standard Inquiry Data ID Bytes 4-n of theIdentification Descriptor from page 83h

[0316] LUN Generation Using Standard Inquiry Data (3)

[0317] The Validity of generating a LUN ID with this algorithm isverified by comparing the following fields: Field Value Bytes 36-45 Nonzero values

[0318] The LUN ID is generated by concatenating the following fields:Field Value Algorithm ‘03’ Vendor ID Bytes 8-15 of Standard Inquiry DataProduct ID Bytes 16-31 of Standard Inquiry Data ID Bytes 36-45 ofStandard Inquiry Data

[0319] The following is an example of a LUN ID generated by utilizingthe Standard Inquiry data algorithm. Note that the data is shown in %notation: “03EMC SYMMETRIX 123456789”

[0320] LUN Generation Using Standard Inquiry Data-Extended Fields(4)

[0321] The validity of generating a LUN ID with this algorithm isverified by comparing the following fields: Field Value Bytes 36-55 Nonzero values

[0322] The LUN ID is generated by concatenating the following fields:Field Value Algorithm ‘04’ Vendor ID Bytes 8-15 of Standard Inquiry DataProduct ID Bytes 16-31 of Standard Inquiry Data ID Bytes 36-55 ofStandard Inquiry Data

[0323] Assigned LUN IDs are communicated to agents by the SAN manager 20for use in effecting LUN assignments, or “LUN masking,” on therespective hosts. Specifically, the Disk Manager 76 updates a filterdriver 79 residing within a respective agent on each host with a list ofassigned LUN IDs. When an attempt is made to mount a storage deviceotherwise visible to the host, the filter driver 79 intervenes, applyingthe LUN ID algorithm indicated in the manager-supplied IDs (e.g., fromamong the algorithms described above) and failing for any device forwhich there is not a match (and succeeding for any device for whichthere is a match). In this way the filter driver “masks” LUNs, i.e.,prevents the host from accessing unassigned LUNs.

[0324] Another service provided by the SAN manager of the inventionrelates to File System monitoring and extension. With reference to FIG.11, A SAN Storage Automation Service module 78 (SANStorAuto) functionsas a controller for policy information. In that capacity, it has threemain functions, namely, (1) maintenance of policies, (2) notification toFile System monitor module 80 (FSMonitor) of policy changes, and (3)processing events when policies are exceeded.

[0325] The SANStorAuto 78 maintains a set of database tables thatindicate the current policy definitions for each managed host. Thispolicy includes a monitor flag, extend flag, maximum file system size,threshold, alert interval, LUN type, lower bound and upper bound.

[0326] A SAN Administrator Client module 82 (SANAdminClient) can requestpolicy information from SANStorAuto 78 to be displayed on a graphicaluser interface console (not shown) and can send policy updates back tobe saved in a database. When policy updates are made via the GUI, theyare pushed down to the corresponding file system monitors.

[0327] When a file system monitor detects that a policy has beenexceeded, an event is sent to the SANStorAuto 78. The policy engine 38 areceives this event and determines if the file system can and/or shouldbe extended, or if only notification is required. If the file systemshould be extended, then the policy engine determines what LUN to useand requests that the LUN be assigned to by the SANLunMgr 72. Once theLUN is assigned, a File System Extension service (SANAgenFSExtend) 84 iscalled to perform the extension by utilizing the host local operatingsystem to extend the file system onto the newly assigned LUN.

[0328] A SANAgentScheduler 86 is a utility function that lets otherfunctions schedule actions to be started some time in the future. Itmaintains a list of activity requests and the action to be performedwhen the request time is reached.

[0329] At startup, a SANDBParms utility service 88 retrieves databaseparameters from the TMD and stores them as an object. Other services canthen access the object to create database connections. There is also ahelper functions for creating a pool of database connections that can bereused.

[0330] A SANIndex 90 is a utility service that maintains a databasetable that other services can create, named sequences in. It will returnthe next index value given a sequence name.

[0331] A SANEvent is a utility service that can perform 3 functions,namely, (1) logs all SANEvents, (2) forwards events to SNMP and TEC, and(3) maintains the location of the SNMP and TEC event consoles.

[0332] SANEvent service subscribes to all SANEvents. All other eventspublished by TSNM extend SANEvent. When a SANEvent is received, it islogged in the TKS message log.

[0333] SANEvent service will look inside each SANEvent it receives andif there is SNMP and or TEC information in the SANEvent, the events willbe forwarded to the SNMP or TEC consoles.

[0334] Another function of SANEventService is to maintain the locationof the SNMP and TEC consoles. The SANCommonAdminClient requests thelocation information to be displayed on the Console and sends updatesback.

[0335] Peer Classes and Component Data Persistence

[0336] The SAN manager of the invention preferably utilizes an ObjectOriented (OO) data model, but employs a relational data model forstoring persistent data. The SAN manager employs peer classes, asdiscussed in more detail below, to map the OO model onto a relationalmodel. The use of peer classes advantageously isolates the businesslogic from the relational database logic while allowing the use ofinheritance in the business and database logic. This has the addedadvantage that different third party products for mapping an OO model toa relational model can be utilized without impacting the business logic.

[0337] With reference to FIGS. 12 and 13, the use of peer classes inaccord with the teachings of the invention for mapping an OO model to arelational model can be better understood by considering an example.FIG. 12 illustrates a simple object model 90 including an inheritancetree with two abstract classes 92 and 94 and a concrete class 96. Eachclass 92-96 includes persistable data (a1, a2, and a3).

[0338] In the method of the invention for mapping the persistable datacontained in the classes 92-96 onto a relational database, for eachclass 92-96, a corresponding peer class (peer classes 92 a, 94 a, 96 a)is formed, and the persistable data in each of the classes 92-96 ispassed to its corresponding peer class. The peer classes 92 a-96 a inturn map the persistable data onto a relational database to be stored inas persistent data.

[0339] The peer classes 92 a-96 a form an inheritance hierarchy. Thereis only one reference between the classes 92-96 and their correspondingpeer classes 92 a-96 a, namely the pointer iPeer in the root object(Abstract 1). The iPeer value is overwritten as classes are constructeddown the inheritance tree (from top to bottom). Attributes stored inintermediate classes are still accessible from all the left hand columnobjects, since the (bottom right hand) object pointed to by the iPeerwill inherit the attributes of all the classes above it in the righthand column. This advantageously saves a great deal of complexity in thecode by obviating the need for every class on the left to have its ownpointer to a corresponding class on the right. When an object on theright is retrieved from a database, code in “PersistablePeer1” cansimply call “createOrigObject( )”, which will automatically call“createOrigObject” in the bottom right hand class, to automaticallyconstruct the correct object (& tree) in the left-hand column, matchingthe object retrieved.

[0340] Further understanding of the use of peer classes in the SANmanagement system of the invention can be obtained by reference toFIGURE X.

[0341] Administrator Notification

[0342] The SAN management system of the invention can notify the SANoperator/administrator of the occurrence of a condition, e.g., theutilization of a file system exceeding a threshold (e.g., defined by thehost file system, the SAN administrator or otherwise). The SAN managernotifies the administrator of the first occurrence of the condition, butallows the administrator to define a time interval, herein referred toas alert interval, before the administrator is notified of subsequentoccurrences of the same condition.

[0343] For example, the SAN management system may be monitoring acondition every 15 minutes, but the administrator may require anotification every two days. When the system detects an occurrence ofthe condition, it will determine whether it is the first time that thecondition has been detected by consulting a database for date and timeof a previous notification, if any, of the occurrence of the samecondition. If there is no saved date and time corresponding to aprevious notification, the manager transmits a notification to the SANadministrator, and saves the date and time of the transmittal.Alternatively, if the database contains a date and time corresponding toa previous notification of the same condition, the manager determineswhether the time elapsed since the previous notification exceeds thealert interval. If the elapsed time exceeds the alter interval, anotification is transmitted. Otherwise, no notification is transmitted.

[0344] The use of an alert interval by the SAN management system of theinvention allows an administrator to control the frequency ofnotifications sent by the manager thereto regarding the occurrences ofvarious conditions. Further, the SAN management system preferablyprovides a graphical user interface to the administrator for efficientand convenient setting of the alert interval.

[0345] Graphical User Interface

[0346] The SAN manager console employs a variety of graphical userinterfaces (GUI) for displaying various components of the SAN, such as,the hosts, the storage devices, and their selected attributes to the SANoperator/administrator. As shown in FIG. 15, a GUI server 98communicates with the SAN Manager by utilizing, for example, an ObjectRequest Broker (ORB) over a TCP/IP connection. The Manager can createobjects (services) and “bind” them to the ORB directory service. GUI can“look up” an object by name in the directory service and get the object“proxy”. GUI can invoke object methods to obtain information or toperform operations.

[0347] As an example of a GUI utilized by the SAN manager of theinvention, FIG. 16 illustrates a display 100 in a portion of which astorage device, and its selected attributes, such as, its serial number,its product Id, are shown. The display is presented on consoles or othergraphical HMI devices of the type discussed above in connection withFIG. 2. The Storage device is identified in a first panel, and itsselected attributes are displayed in a second panel vertically separatedfrom the first panel. In this illustrated embodiment, the selection ofthe storage device in the first panel, for example, by clicking on theicon representing the storage device, results in the display of itsproperties in the second panel.

[0348] As another example of a GUI utilized by the SAN manager of theinvention, FIG. 17 illustrates a display 102 illustrating a panel 104that includes a containment tree hierarchy having a storage device atthe top, and a LUN contained in the storage device at a level beneaththe storage device. This provides a convenient visual representation ofthe LUNs within a storage device. The selection of an object in thepanel 104 results in the display of selected attributes of the selectedobject. For example, in this exemplary illustration, the selection ofthe displayed LUN results in the display of selected properties of theLUN in another panel 106 vertically separated from the panel 104. Theseselected LUN attributes include, among other items, the names of thehosts to which the LUN is assigned, the IP addresses and the operatingsystems of these hosts. In a preferred embodiment, the LUN attributesare displayed in the panel 106 only if the icon representing that LUN isselected in the panel 104. This can minimize the retrieval ofinformation regarding the LUN attributes from a database, which can be aremote database.

[0349] Those skilled in the art will appreciate that the formats for thedisplay of the various hosts and storage devices, and the associatedLUNs and their attributes are not limited to those presented above. Forexample, horizontally separated panels rather than vertically separatedpanel can be utilized to present a LUN and its associated attributes.Further, the selection of the attributes of the storage devices and theLUNs to be displayed to a operator/administrator can be different or cancomplement those described above.

[0350] Use of GUI for LUN Assignment, Unassignment and Other Functions

[0351] In one aspect, the invention provides a graphical user interface(GUI) in a SAN management environment of the type described above thatallows the operator/administrator, to efficiently assign (and unassign)one or more LUNs to each host connected to the SAN. More particularly,the selection of a host and a LUN accessible to that host from a displaycontaining objects representing the host and the LUN results in enablingan Assign function, or an Un-assign function and/or a Re-assignfunction. The administrator can utilize the enabled functions to assign,un-assign and/or re-assign the LUN to the host.

[0352]FIG. 18 further illustrates this aspect of the invention bypresenting a GUI 108 that includes a panel 110 in which a plurality oficons 112 a, 112 b, 112 c, and 112 d represent the various managed hostsconnected to the SAN. The selection of an icon representing a host,e.g., archi, results in the display of the LUNs accessible to that hostin a separate panel 114, which is vertically disposed relative to thepanel 110. In this illustrated embodiment, the information regarding theLUNs accessible to the host archi is presented in a table format whichincludes information regarding the storage capacity of each LUN, itsvendor, product id, and revision. In addition, for a selected number ofLUNs, a status parameter indicates whether the LUNs are assigned or notassigned to the host, in this case archi.

[0353]FIG. 19 illustrates that the selection of one of the displayedLUNs, namely, the LUN having a unit number 40BFCA34, results inactivation of a an Assign LUN button 116 indicating that the Assignfunction has been enabled. Hence, the selection of the Assign button 116results in effecting the assignment of this LUN to the host “archi.”

[0354] Alternatively, as shown in FIG. 20, the selection of thedisplayed LUN having a unit number ACZ66203, which has been previouslyassigned to the host archi, results in activation of the Unassign LUNbutton 118 and Reassign LUN button 120. The operator/administrator canselect the activated Unassign function to un-assign this LUN from thehost archi. Alternatively, the operator/administrator can select theactivated Re-assign function to re-assign the selected LUN to the hostarchi.

[0355] GUI Filtering

[0356] The system SAN management system of the invention allowsfiltering the LUNs displayed in a graphical user interface by utilizingone or more selected criteria. For example, in one embodiment, a set ofdisplayed LUNs can be filtered to provide a display of those LUNs whosecapacity exceeds an operator/administrator-defined threshold.

[0357] For example, FIG. 21 illustrates a table 122 of accessible LUNs.FIG. 22 illustrates the accessible LUNs of FIG. 21, and it furtherillustrates an object 124 in the form of a pop-up window that allows theoperator/administrator, to enter a criterion for filtering the LUNs. Inthis illustrated embodiment, the operator/administrator can filter theLUNs based on whether a LUN capacity is greater than or less than aoperator/administrator-defined threshold. In this case, theoperator/administrator has chosen a value of 5000 kilobytes as capacitythreshold. The application of this threshold value to the accessibleLUNs in table 122 results in displaying only those LUNs whose capacitiesexceed this threshold.

[0358] Event Processing

[0359] Referring to the discussion in connection with FIG. 6, the SANmanager 20 includes one or more fiber channel (FC) discover engines (orother such engines corresponding to the interconnect 16 and/orhost-to-storage device communication protocol), such as the discoverengine 40 responsible for gathering topology and attribute informationfor the SAN components. Each discover engine 40 receives and processesinformation gathered by one or more scanners, such as scanner 42, whichare executables that interact with the hosts 12 by performing systemcalls and IOCTL calls to gather information. The SAN Manager 20 includesa query engine 46 that is a helper service which manages inband andoutband scan requests. The discover engine 40, registers scan requestswith the Query Engine 46 which specifies target, scanner name and periodof execution information. The query engine 46 coordinates running of thescanners and returning information to the client. A portion of the queryengine 46 includes outband scanners which perform Simple Topology andTopology scans.

[0360] The function of gathering information is split among severalscanners, e.g., an attribute scanner, topology scanner, a simpletopology scanner and an outband topology scanner. Together, thesecollect inband and outband information including host and deviceinterconnectivity (e.g., which storage devices are accessible to whichhosts and host file system utilization), host attributes (e.g., filesystem information, including identities of mounted storage devices),storage device attributes (e.g., storage capacities), and interconnectelement information. The scanners can perform information gathering, ordiscovery, on boot-up of the hosts and periodically thereafter, e.g., ata preset interval set by the system administrator or by default. Theycan also perform discovery on occurrence of events detected by theirrespective hosts, e.g., resulting from insertion or removal of a storagedevice, or at the request of the SAN manager 20. In the illustratedembodiment, complete scans are transmitted by the scanners 42 to thediscover engine 40. That information is transmitted in XML format overvia a TCP/IP connection, e.g., via network connection 18. In alternateembodiments, communications can be in other formats and/or via alternatenetwork or other communication connections.

[0361] Discover engine 40 maintains a one level-deep history of scansfrom each scanner 42. It discerns changes in the SAN by comparing eachscan as it is received from each respective scanner with a prior scanfrom that same scanner. If the engine 40 identifies differencesaffecting the topology of the SAN, it generates and forwards to the SANmanager 20 service module 38 notifications reflecting those changes.These can include, for example, notifications indicating addition of anew host or storage device, modification of attributes of a host orstorage device, removal of a device, or change or removal of arelationship between a host and a storage device. In one embodiment ofthe invention, the discover engine 40 generates a single notificationfor each change identified when comparing a newly received scan with aprior scan from the same scanner 42. In alternate embodiments, it canforward multiple notifications and/or data for each identified change.

[0362] In the illustrated embodiment, when all the notificationsresulting from comparison of a newly received scan with a prior scanfrom the same scanner 42 are completed (i.e., transmitted to the servicemodule 38), the discover engine generates a further notification. This“scan complete” notification (or other termination notification) signalsthe service module 38 that the prior notifications just generatedpertain to a single scan. In alternate embodiments, e.g., where thediscover engine generates multiple notification and/or data for eachidentified change, the engine 40 can generate a “scan complete” oranother such termination message following generation of those multiplenotifications/data.

[0363] Due to the nature of the SAN 10, scans are typically generated bythe scanners 42 asynchronously with respect to one another. Moreover,scans conducted following processing by the service module 38 of thetopology changes identified by the discover engine 40 can result ingeneration of further notification. To avoid an excessive backlog ofnotifications, the module 38 queues the received notifications ingroups. It processes the groups only after receiving the scan completeor other termination notification for that group. Moreover, it processeseach group of notifications one at a time and atomically. To accomplishthis, processing is effected through execution of tasks created forhandling each respective group of notification and placed on a separatequeue by the service manager 38.

[0364] The SAN service module 38 places on a first queue Q1notifications N1, N2, N3, . . . received from the discover engine duringprocessing of a newly received scan. Upon receiving a scan completenotification for that scan, the service manager creates a task S1 for(i) processing the notifications N1, N2, N3, . . . , and (ii) updatingthe manager 20 representation of the SAN topology. It queues that taskto a second queue Q2 and, if no other tasks are ahead on it, invokestask S1 to effect such processing and updating.

[0365] In the meanwhile, SAN service module 38 places on a first queueQ1 further notifications N1′, N2′, N3′, . . . received from the discoverengine during processing of a different newly received scan. Uponreceiving a scan complete notification for that scan, the servicemanager creates a task S2 for processing those notifications andupdating the manager's SAN topology representation. It queues that taskto a second queue Q2 and processes it in order. In the illustratedembodiment, the second queue is a first-in-first-out queue. Thus, taskobjects S1, S2 are executed in FIFO manner. In alternative embodiments,the second queue may be implemented as a priority queue or otherwise.

[0366] Illustrated tasks S1, S2 are represented by respectiveobject-oriented programming (OOP) objects. Each includes method and datamembers that process the corresponding queued notifications N1, N2, N3,. . . , N1′, N2′, N3′, . . . in FIFO manner. Thus, once an element onthe second queue is invoked, the notifications associated therewith onthe first queue are processed one at a time by invoking actions, e.g.,in the manner discussed above in regard to the policy engine and actionautomation engine, that, inter alia, update the SAN topology maintainedby the manager 20 or otherwise accommodate the indicated change.

[0367] Though illustrated notifications N1, N2, N3, . . . are processedon a FIFO basis, in alternative embodiments, the notifications of eachrespective group may be processed based on priority or otherwise withrespect to other notifications of the same group. Moreover, though OOPobjects are utilized in the illustrated embodiment, those skilled in theart will appreciate that other constructs may be utilized instead and/orin addition to represent the tasks.

[0368] In addition to tasks S1, S2, . . . , that are generated by theservice 38 as a result of notifications from the discover engine,further tasks (not shown) may be queued to the task queue Q2representing operator/administrator requests. These include, forexample, requests to change the name of a storage device (e.g., LUN),and so forth. Such tasks are queued in FIFO, priority, or other order,for execution. Unlike the other tasks S1, S2, . . . , theoperator/administrator-effected tasks do not involve processing ofnotifications in the first queue.

[0369] This dual approach to handling changes in the SAN, namely,placing asynchronously received scan complete events on a first queueand placing tasks for processing thereof on a second queue allowsmaintaining a stable representation of various attributes of the SAN,and further ensures that the task notification queues are kept at areasonable size.

[0370] Conflict Resolution in Event Processing

[0371] Continuing with the above discussion, a task object, e.g., S1,may retrieve further data from the discover engine during processing ofits corresponding notifications, N1, N2, N3, . . . For example, anotification N1 can indicate that a storage device has been added. Toupdate the topology representation maintained by the manager 20, themanager service 38 retrieves the identity of that storage device fromthe corresponding scan representation maintained by the discover engine.That information, once obtained, is used by the service 38 to update thetopology representation.

[0372] In the event the discover engine representation has been modifiedsince the notification N1 was issued, for example, as a result of alater received scan indicating that the newly added storage device wassubsequently removed, the manager service 38 detects a logical conflict(e.g., between the event notification N1 indicating that the device hasbeen added and the discover engine database indicating that no suchdevice exists). In such instances, the service 38 employs a conflictresolution mechanism and takes action based on the class of conflict. Inthe illustrated embodiment, classes of conflicts include modificationsof the discover engine representation, e.g., as a result of newlyreceived scans, or corruption of the service manager representation,e.g., as a result of improper action taken on previous events, missedevents, database save failures, etc.

[0373] Scenarios that indicate corruption and those that indicate aprobable change to the underlying representation are identified anddocumented below. When corruption is absent, no action may be requiredon the part of the manager service whose goal it is to keep itsrepresentation “in sync.” However, as a precautionary measure, themanager service can record that an event was received that did notresult in an update, and then verify that the expected subsequent eventdid indeed follow sometime later.

[0374] Handling Events That Appear Inconsistent with Current SAN ManagerServices or Discover Engine Database Contents

[0375] New Device Event Received

[0376] Problem Scenario #1) Device is not in discover engine database.

[0377] Probable Cause: The discover engine removed the object from itsdatabase prior to when the SAN manager 20 service started processing thenew device event. A subsequent “device-missing event” should beforthcoming.

[0378] Action: Discard the new device event. Alternatively, see if it ispresent in the SAN manager 20 service database, and if so, change thestate to “suspect”.

[0379] Problem Scenario #2) Device is already listed in the SAN manager20 system database and its state is not “missing”.

[0380] Probable Cause: The databases are out of sync.—missed adevice-missing event.

[0381] Action: Perform database recovery actions. (See list of possibleactions below.)

[0382] New Relationship Event Received

[0383] Problem Scenario #1) Relationship Object is not in discoverengine database.

[0384] Probable Cause: The discover engine subsequent to transmitting anotification to the SAN manager 20 service removed the object from itsdatabase prior to the SAN manager 20 serviceprocessing of the newrelationship event. A subsequent “relationship-missing event” should beforthcoming.

[0385] Action: Discard the new relationship event. Alternatively, see ifit is contained in the SAN manager 20 database, and if so, change thestate to “suspect”.

[0386] Problem Scenario #2) Relationship object is already listed in theSAN manager 20 service database and its state is not “missing”.

[0387] Probable Cause: The databases are out of sync.

[0388] Action: Perform database recovery actions: (See list of possibleactions below.)

[0389] Problem Scenario #3) One of the corresponding devices is notlisted in the SAN manager 20 service database.

[0390] Probable Cause: (small) timing window.

[0391] The following example further illustrates how a small timingwindow can cause such a problem scenario:

[0392] at time t1, a device, herein referred to as Dev2, is added to thediscover engine database and a new device notification is sent to theSAN manager 20 service,

[0393] at time t2, a relationship R12 is added to the discover enginedatabase,

[0394] at time t3, Dev2 is removed from the discover engine database,

[0395] at time t4, the SAN manager 20 service attempts to retrieve Dev2from the discover engine database as a result of the event at time t1.Dev2 is not present, and the SAN manager 20 service takes no action,

[0396] at time t5, the SAN manager 20 service receives R12, but it failsto add R12 to its database because Dev2 is not in the SAN manager 20database.

[0397] Action: If adding the relationship object fails because the “toor from” object is not there, take no action on this event and assumethat a Relationship Missing event will be received.

[0398] Modified Attribute Event

[0399] Problem Scenario #1) Device is not contained in the SAN manager20 service database.

[0400] Probable Cause: Missed processing one or more events—the SANmanager 20 database is corrupted.

[0401] Action: Perform database recovery actions. (See list of possibleactions below.)

[0402] Problem Scenario #2) Device is contained in the SAN manager 20service database, but its state is “Missing”.

[0403] Probable Cause: Missed processing one or more events—the SANmanager 20 service database is corrupted.

[0404] Action: Perform database recovery actions. (See list of possibleactions below.)

[0405] Missing Device Event

[0406] Problem Scenario #1) Device is not contained in the SAN manager20 database.

[0407] Probable Cause: The device went missing before a New Device Eventcould be processed.

[0408] Action: Discard the event.

[0409] Problem Scenario #2) Device is in the SMS DB and its state is“Missing”.

[0410] Probable Cause: Very similar to Scenario (1), except in thisscenario earlier new & missing events were handled.

[0411] Action: Discard the event.

[0412] Missing Relationship Event

[0413] Problem Scenario #1) Relationship is not contained in the SANmanager 20 service database.

[0414] Probable Cause: The relationship went missing before aNew-Relationship Event could be processed.

[0415] Action: Discard the event.

[0416] Problem Scenario #2) Relationship is in the SAN manager 20service database, but its state is Missing”.

[0417] Probable Cause: Very similar to Scenario (I), except in thisscenario the earlier new & missing events were handled.

[0418] Action: Discard the event.

[0419] Possible Actions To Take when it is Determined that the SANManager System Database is Out of Sync with the Discover Engine Database

[0420] In the illustrated embodiment, if the SAN manager database issufficiently out of synch with the discover engine database to requirerecovery, e.g., as determined above, the following procedures can beexecuted by the SAN manager 20 to rebuild the former in whole or inpart, optionally, followed with error logging and/or event notification.

[0421] 1. Clear out SAN manager 20 system database and copy in thediscover engine database, thus rebuilding the SAN manager database inentirety.

[0422] 2. As an alternative to (1), compare the databases in entiretyand add in any objects from Discover engine database and delete or markas missing any objects unique to the SAN manager 20 service database.

[0423] 3. As an alternative to (1) and (2), which require a pass throughone or both databases in their entirety, fix the problem locally. Forexample, if a Modified Attribute event occurs for an object not in theSAN manager 20 service database, the object is retrieved from thediscover engine database ignoring any other discrepancies.

[0424] 4. Alternative (3) can be expanded to not only get the absentobject, but to also look for immediate relationship objects and otherneighboring objects that might also be absent. A threshold can be set(and then resort to option (1) or (2)) making it unnecessary to try tomatch the discover engine database via traversing around the entire SANRegion.

[0425] 5. A still further alternative to (3) is to rebuild the topologyrepresentation from the scan histories of hosts actually or likely to becoupled to, or in the region of, the device represented by an objectthat is missing or in connection with which the discrepancy arose. Arelated alternative is to compare a portion of the topologyrepresentation containing that object with a corresponding portion ofthe discovery engine database (e.g., the scan histories of hostsactually or likely to be coupled to, or in the region of, the devicerepresented by an object) and to add, mark or delete objects in themanner described in alternative (2).

[0426] 6. Take no action. With proper coding, no events lost or out oforder, etc, this situation should never arise. In addition, if anadministrator came to distrust the SAN manager 20 service database, heor she can clear the database and issue discovers.

[0427] 7. In the event of a significant problem with mismatches betweenthe databases, a severe error message can be generated recommending thatthe administrator exercise an option similar to options (1) and (2)rather than perform one of these steps automatically.

[0428] Alternate Embodiment for Event Processing

[0429] To obviate the need for the service 38 to retrieve further datafrom the discover engine during processing of tasks and notifications,N1, N2, N3, . . . , and to engage in conflict resolution as discussedabove, the discover engine 40 of alternative embodiments of theinvention transmits to the manager service, in addition to anotification, data sufficient for its processing.

[0430] By way of illustration, referring again to FIG. 6, in thisalternative embodiment, the discover engine 40 communicates anotification regarding one or more changes in topology of the SAN to themanager service 38 in combination with the data that the manager service38 needs to handle the notification. For example, if the notificationrelates to a missing storage device, the discover engine 40 not onlytransmits a “missing device” notification, but it also transmits, withthe notification, the identity of the storage device that is missing.This allows the manager service to update its SAN topology databasewithout a need to request additional data from the discover engine. Thecombination of notification and data, or “smart event” notification, cantake the form of an OOP object or any other data construct or mechanismsufficient to carry the requisite information between the services.

[0431] In another example, the use of “smart event” notificationsobviates the conflict presented in problem scenario #1 above under theheading “New Relationship Even Received”, by transmitting, from thediscover engine to the manager service, a newly discovered relationshipobject with a notification that a SAN topology change has occurred.Similarly, other conflict scenarios listed above can be avoided bycombining the transmission of a notification with the data needed toprocess the notification.

[0432] In a still further example, a “smart event” notification canindicate not only that a file system is overutilized but, also, canidentify the respective host and the amount of degree ofoverutilization.

[0433] The use of smart events advantageously allows maintaining a validrepresentation of the SAN, e.g., a valid topology representation,without a need to “lock” data contained in a database regarding a changeuntil a subsystem that has been notified of the change has had theopportunity to access this data. For example, subsequent to thetransmission of a “smart” notification, indicative of a topology change,from the discover engine to the manager service, the discover enginedatabase can be updated without a need to consider whether the managerservice has completed handling the notification.

[0434] SAN Topology Recognition (Virtual SANs)

[0435] As discussed above, according to one practice of the invention,SAN manager 20 receives inband and outband data from scanners associatedwith hosts, and collates the data to generate a topologicalrepresentation of the SAN. Each host is connected, via one or moreadapters and via interconnect fabric 16, to one or more storage devices.The agent associated with each host utilizes the host's adapter todetermine the SAN elements, e.g., storage devices, with which eachadapter can communicate, i.e., the elements that the adapter can “see,”all as discussed above.

[0436] The information gathered by one host adapter is typically notindicative of all elements, e.g., storage devices, of the SAN to whichthe host has access. This is because communications between the adapterto any given storage device may be restricted by switches or switch-likeinterfaces on the interconnect, the storage devices and or the hostsdevices themselves. As noted previously, such switches or interfaces areoften employed to define “zones” within the SAN.

[0437] By way of example, FIG. 23 illustrates a host HOST1 having twoadapters ADPATER1 and ADAPTER 2. Through adapter ADAPTER1, the host cancommunicate, that is, it can “see”, only storage devices DISK1 and DISK2via a switch SWITCH1. In contrast, through adapter ADAPTER2, the hostcan communicate only with storage devices DISK2 and DISK3. Thus, thehost can only “see” a subset of the storage devices, and further, thedevices seen through one adapter form a different subset of the same“virtual” SAN as the devices than seen by the other adapter.

[0438] The SAN manager 20 utilizes a methodology described in moredetail below to disambiguate the information gathered through the hostadapters ADAPTER1 and ADAPTER2, and similar adapters on other hostsconnected to the SAN, to generate a topological model of the SAN. Thus,by way of example, the SAN manager 20 can infer that the reporteddevices DISK1, DISK2 and DISK3 belong to the same virtual SAN because ofthe overlap, i.e., DISK2, between the zones (SAN regions) in which theyfall.

[0439] The term “virtual SAN” is herein utilized to refer to thosedevices that are likely to belong the same SAN, even if they do notnecessarily make up the entirety of the SAN. More particularly, avirtual SAN can be said to comprise endpoints on the interconnect—towit, storage devices, bridges, routers hosts, and the like,—in a set ofregions, each of which has one or more common endpoints (typically,storage device ports) with at least one other region of that set.Elsewhere in this document, the term SAN includes virtual SANs, unlessotherwise evident from context.

[0440] A more complex scenario than that discussed above arises whenmultiple adapters of a host are linked via common ports of a fabricelement, e.g., a switch. For example, consider a scenario in which scansfrom a host indicate that its adapters see interconnect fabric switchports P1-P12, as follows:

[0441] Adapter A1 detects ports P1 & P2,

[0442] Adapter A2 detects ports P3 & P4,

[0443] Adapter A3 detects ports P5, P6, & P1,

[0444] Adapter A4 detects ports P11, P8, P9, P10 & P5,

[0445] Adapter A5 detects ports P3 & P12.

[0446] Though they do not have any ports in common, adapters A1 and A4are in the same virtual SAN, since they both can see one or more portsin common with other adapters (e.g., adapter 3).

[0447] A general approach for handling any degree of complexity is tocreate collections of ports that belong together, and then work witheach collection to ensure that all the ports that make up the collectionare associated with the same SAN. SAN assignment for each collection isbased on the following rules:

[0448] 1) If any port in a collection is already known (e.g., by the SANmanager 20) to be on an actual SAN, then all ports in the collection areassumed to be on that SAN and not on any virtual SANs.

[0449] 2) If none of the ports in the collection are known (e.g., by SANmanager 20) to be on an actual SAN, then the virtual SAN for the portwith the highest port number is used for all ports in that collection.

[0450] 3) If none of the ports in the collection are known to be on anactual or virtual SAN, then a new virtual SAN is created and used forports in the collection.

[0451] 4) If as a result of the above steps, a previously createdvirtual SAN no longer has any ports associated with it, that virtual SANis discarded.

[0452] A methodology for implementing these rules is depicted in FIG.24. A first step 311 is to create collections of ports that are onactual SANs or that form potential virtual SANs based on scaninformation in the discover engine 40 database. This is done bytraversing the database from hosts to internal controllers, gatheringall of the controller ports and then making calls via the operatingsystem, to determine which endpoint ports are seen by these ports. Thecontroller ports and the ‘seen’ ports are all added to this initialcollection, referred to here as the fromPortPool.

[0453] Once fromPortPool has been populated, the SAN manager 20 createstwo more collections called comparePorts and tempcollection.ComparePorts is seeded with a port from fromPortPool and then populatedwith any other ports in fromPortPool that see any ports in common withthe seed port. Tempcollection is initialized with the seed port and anyports seen by the seed port. The ports from fromPortPool that see anyports in common with ports in comparePorts are added to tempcollection,and the ports seen by these ports are also added to tempcollection.Checks are made to ensure that none of the collections—i.e.,comparePorts and tempCollection—contain any duplicates—i.e., a port isnot added to a collection if it is already in it.

[0454] Once the action described in the preceding two paragraphs hasbeen taken, tempcollection consists of a collection of ports that mayconstitute a virtual SAN. The procedure described in these paragraphs isrepeated by the SAN manager 20 over and over again using new comparePortand tempcollection collections until fromPortPool is empty. This resultsin a collection of tempcollection port collections. The next steps areto cleanup/establish the correct SAN-Port relationships for every portin each tempcollection as described below.

[0455] In a second step 313, for each collection of ports from the firststep, the manager 20 determines if any port in the collection is alreadyknown to belong to an actual SAN. This can be determined by reference tothe aforementioned manager databases, e.g., the discover engine databaseor, preferably, the topology database. If so, in step 315, the manager20 deletes all virtual SAN references for every port in that collectionand designates them all as being part of that same actual SAN.

[0456] If no port in the collection is already known to be assigned toan actual SAN (as determined in step 313), the manager in step 317determines whether a virtual SAN is currently assigned to any ports inthe collection. If not, in step 319, the manager creates a new virtualSAN, tempSan, as associates it with every port in the collection, e.g.,by populating the topology database.

[0457] If a virtual SAN had been assigned to any ports in the collection(as determined in step 317), the manager in step 321 (i) removes theSanPortRelationships identifier for every port in the SAN that is not inthe collection, (ii) in step 323, the SAN manager goes through each portin the collection and removes all SanPortRelationships except for thosethat reference tempSan, and (iii) in step 325, the SAN manager 20creates a new SanPortRelationship from tempSan to each port intempcollection that does not already have a relationship to it.

[0458] In step 327, the manager 20 removes all virtual SANs that nolonger have any ports.

[0459] Though the discussion above is directed to assignment ofinterconnect fabric ports to virtual SANs, those skilled in the art willappreciate that the techniques are equally applicable to assignment ofstorage devices or other SAN components seen by the hosts.

[0460] Maintaining and Updating SAN History Data

[0461] As noted above, in the illustrated embodiment, the SAN managerstores an internal model store 125 of the SAN topology. As illustratedin FIG. 25, that model store contains objects 126 representingcomponents of the SAN (e.g., hosts 12, storage devices 14, interconnectelement 16 a), their attributes and the interrelationships therebetween(e.g., assignment and/or accessibility of a host 12 to a storage device14). These objects can be arranged hierarchically or otherwise (e.g.,via link lists or other associations) to reflect relationships among theSAN components.

[0462] In the illustrated embodiment, the objects are object-orientedprogramming “objects,” though other programming constructs can be usedin addition or instead. Moreover, in the illustrated embodiment, theobjects are maintained both in a persistent database, as well as in aruntime form (e.g., in the random access memory of manager 20).

[0463] The SAN manager 20 additionally includes a historical model store128 that reflects a one-deep history (or, in alternate embodiments,still deeper) about specific components and/or relationships within theSAN—to wit, components and/or relationships that have recently changed.This information is used to during generation of displays enumerating(e.g., listing) the SAN componentry and/or showing its topology(collectively, “topology”), e.g., on the administrator console 52.

[0464] Specifically, in the illustrated embodiment, it is used toidentify (by way of non-limiting example, via highlighting, graying outor otherwise altering the appearance of) graphical objects representingcomponents and/or relationships that are new, missing, broken, needattention, have a changed attribute, or have attained a “suspect”status, e.g., since the time of the last generated display—and, moreprecisely, since the time the operator/administrator last asked thatsuch highlighting, graying-out or other identifications be cleared.

[0465] Such a display is depicted in FIG. 26. Shown there is ahierarchical display 151 of the type presented on theoperator/administrator console. This includes a graphical object (e.g.,icons) representing the SAN as a whole, to wit, element 153, andgraphical objects representing the components thereof, here illustratedas Components 1-6 (elements 155, 157, 159, 161, 163, 165). It will beappreciated that the specific form of the display can be varieddepending on operator preferences and needs. Moreover, it will beappreciated that representations other than graphical objects (e.g.,text labels, and so forth) may be used.

[0466] In the illustration, Component 3 (element 159) and Component 6(element 165) are color-coded to indicate that they were newly added tothe SAN since the last console presentation to theoperator/administrator and/or since the he last cleared the updates.Component 4 (element 161) is identified as missing (e.g., and likelyremoved from the SAN), while Component 2 (element 157) is identified assuspect. In the illustrated embodiment, a component is deemed “suspect”if its status has been reported inconsistently among the scans in whichit appears. Though color coding (or shading) is used in the illustratedembodiment, it will be appreciated that any range of visual, aural orother sensory indicators can be employed to identify the status ofdisplayed, updated components (e.g., Components 2, 3, 4, 6).

[0467] In contrast to having every object in model store 125 maintainstatus history for its respective component, reference objects 130(hereinafter, “HistoryData” objects) are (instantiated and) maintainedin the store 128 for only those SAN components whose statuses havechanged, e.g. since the time last displayed to theoperator/administrator and/or since the he last cleared the updates. Inthe illustrated embodiment, each HistoryData object 120 includes aunique identifier referencing the SAN object 126 to which it pertains,and further includes an indicator of the status of the underlyingcomponent (e.g., “new”, “missing”, “broken”, “moved”, “needs attention”,“attribute change” or “suspect”). Those skilled in the art willappreciate that other embodiments may use other statuses in addition orinstead (e.g., modified, offline, format degraded, etc.) It will also beappreciated that the HistoryData object may maintain additionalinformation (e.g., time stamps, etc.) Moreover, it will be appreciatedthat in the illustrated embodiment, no HistoryData object is maintainedfor objects (and underlying components) in model 125 whose status is“Normal”.

[0468] As above, the HistoryData objects can be object-orientedprogramming “objects” or other constructs suitable for these purposes.Also as above, the HistoryData objects are preferably stored in apersistent manner, as well in a runtime form.

[0469] The HistoryData objects are generated by the manager service 38or other functionality in the SAN manager based on a component's priorstatus and its current condition as reported by discover engine 40(which, in turn, is based on information contained in the scans thediscover engine receives from the agents). Thus, for example, an objectwhose prior status was “broken” and which is reported by the discoverengine as being “new” is assigned a status of “suspect” in acorresponding history object. More particularly, in one embodiment, thestatus of components as reflected by HistoryData objects is determinedin accord with the following table: Current State Reported ConditionResulting State Normal Normal Normal Normal New Not Valid Normal MissingMissing Normal Off-line Offline Normal Broken Broken Normal AttributeChanged Attribute Changed Normal Needs Attention Needs Attention NormalMoved Moved New Normal New New New New New Missing Missing New Off-lineOffline New Broken Broken New Attribute Changed Attribute Changed NewNeeds Attention Needs Attention New Moved Moved Missing Normal SuspectMissing New New Missing Missing Missing Missing Off-line Offline MissingBroken Broken Missing Attribute Changed Attribute Changed Missing NeedsAttention Needs Attention Missing Moved Moved Off-line Normal SuspectOff-line New Not Valid Off-line Missing Missing Off-line Off-lineOffline Off-line Broken Broken Off-line Attribute Changed AttributeChanged Off-line Needs Attention Needs Attention Off-line Moved MovedBroken Normal Suspect Broken New Suspect Broken Missing Missing BrokenOffline Offline Broken Broken Broken Broken Attribute Changed AttributeChanged Broken Needs Attention Needs Attention Broken Moved MovedAttribute Changed Normal Attribute Changed Attribute Changed New NotValid Attribute Changed Missing Missing Attribute Changed Off-lineOffline Attribute Changed Broken Broken Attribute Changed AttributeChanged Attribute Changed Attribute Changed Needs Attention NeedsAttention Attribute Changed Moved Moved Needs Attention Normal SuspectNeeds Attention New Not Valid Needs Attention Missing Missing NeedsAttention Offline Offline Needs Attention Broken Broken Needs AttentionAttribute Changed Needs Attention Needs Attention Needs Attention NeedsAttention Needs Attention Moved Moved Suspect Normal Suspect Suspect NewNot Valid Suspect Missing Missing Suspect Offline Offline Suspect BrokenBroken Suspect Attribute Changed Attribute Changed Suspect NeedsAttention Needs Attention Suspect Moved Moved Moved Normal Moved MovedNew Not Valid Moved Missing Missing Moved Offline Offline Moved BrokenBroken Moved Attribute Changed Attribute Changed Moved Needs AttentionNeeds Attention Moved Moved Moved

[0470] Of course, those skilled in the art will appreciate that otherembodiments might have different resulting states, depending on thecurrent state and reported condition of a component. Moreover, it willof course be appreciated that other embodiments may use other statesinstead or in addition.

[0471] No HistoryData objects are generated for components whose statusis “Normal.” Nor are any generated for those whose state is “Not Valid.”In the event the resulting state of a component is the latter, themanager service 38 generates a notification to theoperator/administrator and/or to a log file, at the same time removingthe component from the topology representation.

[0472] When the operator/administrator requests a topological display ofthe SAN, e.g., of the type shown in FIG. 26, the manager 20 can generategraphical objects 153, and so forth, representing components (andinterrelationships) in the internal model 125. It can, then, scan theobjects in the HistoryData object database 128 to determine whichgraphical objects require color-coding or other modification to indicatethe “new,” “suspect,” “missing” or other statuses. Those skilled in theart will, of course, appreciate that the display generation can proceedin reverse or other order based on the content of the stores 125 and128.

[0473] Likewise, when the operator/administrator requests that the modeldisplay 151 be updated to “clear” or incorporate the changes indicatedby color coding (or otherwise), e.g., to no longer highlight Components3 and 6 as new, to no longer display missing Component 4, and to nolonger display suspect Component 2, the manager 20 scans the store 128to determine which graphical objects in the display 151 require updateddisplay (e.g., with no highlighting).

[0474] In the illustrated embodiment, a different action is takendepending on the particular state of each displayed graphical object.For example, the table below list some exemplary states of objects in aSAN representation 151, and the actions taken uponadministrator/operator request for updating. Object's Current StateAction Taken Normal (no action) New Change the state to “Normal” anddelete HistoryData object) Missing Remove the object from the model anddelete HistoryData object) Suspect Change the state to “Normal” (anddelete HistoryData object) Off-Line (no action) Broken (no action)Attribute Change Change the state to “Normal” (and delete HistoryDataobject) Moved Change the state to “Normal” (and delete HistoryDataobject) Needs Attention Change the state to “Normal” (and deleteHistoryData object)

[0475] In addition to use in connection with presentation of the display151, objects in the HistoryData store 128 can be used by the manager 20in connection with internal determination of the SAN topology. Forexample, the manager 20 can send requests to the agents for re-scanningof components identified as “suspect.” By way of further example, themanager can wholly or partially delay processing of “new” or “missing”components pending acknowledgement by the operator/administrator via theaforementioned clear history operation, or the like.

[0476] LUN Selection for File System Extension

[0477] As discussed above, if a host 12 file system utilization exceedsa pre-defined threshold, its respective agent transmits a request to theSAN manager for file system extension. The agent determines thenecessity of transmitting such a request by periodically checking hostfile system utilization, e.g., at a pre-set interval determined by theoperator or otherwise. Alternatively, or in addition, it can monitorrequests made by the host to its file system and/or monitor the LUNsassigned to the host as part of that file system.

[0478] Upon receipt of an extension request from an agent, the SANmanager 20—and, particularly, policy engine 38A (FIGS. 7A and7B)—determines if the host is eligible for file system extension and, ifso, whether any of the storage devices (LUNs) accessible to it (andavailable for assignment) meet the extension criterion for that host. Ifaffirmative on both counts, the manager 20 assigns the requisite LUNs tothe host in the manner described above.

[0479] More particularly, in the illustrated embodiment, when the filesystem monitor 80 (FIG. 17) detects that a the file utilization of ahost has exceeded a pre-defined threshold, for example, via receiving amessage from the host's respective agent, an event is sent to theSANStorAuto 78. The policy engine 38 a receives this event anddetermines if the file system can and/or should be extended, or if onlynotification is required. If the file system should be extended, thenthe policy engine determines what LUN to use and requests that the LUNbe assigned to by the SANLunMgr 72. Once the LUN is assigned, a FileSystem Extension service (SANAgenFSExtend) 84 is called to perform theextension by utilizing the host local operating system to extend thefile system onto the newly assigned LUN. As used herein, a file systemis that aspect of the host operating system or otherwise that manages orotherwise effects access by the host to files and other information onthe assigned storage devices (LUNs) in the conventional manner.

[0480] In the illustrated embodiment, both the host eligibility andextension criteria are set by the operator/administrator on ahost-by-host basis, or based on a hierarchical host group structure, asdiscussed below, though they can be set by default (e.g., based oncharacteristics of the host) or otherwise. For example, using the GUIinterface 98, the operator/administrator can define certain hosts asineligible for file system extension, in which case overutilization bythose will have the conventional consequences (e.g., file systemwarnings and/or errors). Likewise, the operator/administrator can defineother hosts as eligible for extension and, more particularly, can definethe minimum (lower bound) and maximum (upper bound) available storagecapacity of any storage devices assigned the host for that purpose.

[0481] Upon receipt of a file extension request on behalf of an eligiblehost, the SAN manager selects from among the storage devices accessibleto that host based on that minimum and maximum as follows. Referring tothe flow chart 152 of FIG. 27, in step 154, the SAN manager identifiesindividual storage devices (LUNs), accessible to the host and otherwiseavailable for assignment to it (e.g., in the manner described above),whose available storage falls within the range defined by the minimumand maximum. In the case of a host that utilizes a RAID file system withstriping, the SAN manager identifies such storage devices where therange of available storage falls between the minimum divided by (s) andmaximum divided by (s), where (s) is the number of stripes specified forthat file system.

[0482] In step 156, the manager selects, from among the identifiedstorage devices (LUNs), the storage device that has a maximum storagecapacity, and assigns this storage device to the requesting host, forexample, in a manner described above in the section entitled “LunManagement.” Further, in some embodiments, the manager can make thisselection and assignment from among storage devices of specific type orcharacteristic (e.g., as defined for the host by theoperator/administrator or otherwise).

[0483] In the absence of any storage device with a storage size in arange between the lower and the upper capacities (both, divided by (s),in the case of a striped file system), in step 158, the manager selectsa pair or other combination of accessible and available storage deviceswhose combined storage capacity equals or exceeds the minimum (dividedby (s), in the case of a striped file system) for the host in question,but does not exceed the maximum (divided by (s), in the case of astriped file system) for that host. In one embodiment, the managerbegins this selection process with an accessible/available storagedevice having the largest storage capacity. The manager continues byselecting additional storage devices, for example, in a descending orderby storage size, until the combined storage capacity of the selectedstorage devices equals or exceeds the minimum storage capacity and doesnot exceed the maximum (again, where both the minimum and maximum aredivided by (s), in the case of a striped file system). If a suitablecombination of two or more storage devices is found, in step 160, themanager assigns the selected storage devices to the requesting host.

[0484] In addition to storage size, accessibility and availability, themanager can employ other criteria for selecting a storage device forassignment to a host requesting file system extension. For example, theSAN manager can eliminate from the selection process any storage device(LUN) whose assignment to the host in question (or any host) in responseto a previous file extension request, had failed—e.g., as a result ofhardware failure, software failure or otherwise. The removal of suchstorage devices from selection menu can advantageously ensure a moreefficient file system extension by minimizing the probability that theassignment of a selected storage device that may fail a second (orsubsequent) time.

[0485] In some embodiments of the invention, one or more storage devicescoupled to the SAN utilize RAID (Redundant Array of Independent Disks)storage systems in which part of the physical storage capacity isemployed to store redundant data or corresponding control information(e.g., error checking codes). As known in the art, RAID systems aretypically characterized under designations such as RAID 0, RAID 1, RAID2, RAID 5, and so forth.

[0486] Typically, the disks are divided into equally sized addressareas, typically referred to as “blocks.” A set of blocks from each diskthat have the same unit address ranges are referred to as “stripes”.RAID 0 architecture relates to a disk system that is configured withoutany redundancy. RAID 1 architecture utilizes mirror redundancy, and RAID5 architectures employs parity-type redundant storage. For example, in aRAID 5 system, data and parity information are distributed across all ofthe system disks. In a RAID 5 system, each stripe includes N blocks ofdata and one parity block. A RAID ‘0+1’ system, as used herein, employsmultiple mirror redundancies for each stripe, and a RAID ‘1+0’, as usedherein, employs multiple stripes for each mirror redundancy.

[0487] When extending a software RAID file system of a host, it istypically necessary to assign multiple storage devices (LUNs) of thesame size to allow for redundant data storage. The SAN manager utilizesa methodology described below to determine the number of storage devices(LUNs) of the same size that are needed for assignment to a host, havingaccess to a RAID file system, that is requesting file system extension.

[0488] In particular, the SAN manager utilizes the following algorithmto determine the number of storage devices (LUNs) to be assigned fordifferent RAID file systems:

[0489] For a Raid=‘1’ file system having a number of mirror redundancies(m), the manager determines the number of LUNs (n) in accord with therelation:

n=m+1

[0490] For a Raid=‘0’ file system having a number of stripes (s) greaterthan 1, the manager determines the number of LUNs (n) in accord with therelation:

n=s

[0491] For a Raid=‘5’ file system having a number of stripes (s) greaterthan two, the manager determines the number of LUNs (n) by in accordwith the relation:

n=s

[0492] For a Raid=‘0+1’ file system having a number of stripes (s) and anumber of mirror redundancies (m), the manager determines the number ofLUNs (n) by in accord with the relation:

n=s*(m+1)

[0493] For a Raid=‘1+0’ file system having a number of mirrorredundancies (m) and number of stripes (s), the manager determines thenumber of LUNs (n) by in accord with the relation:

n=(m+1)*s

[0494] Large Scale Mechanism for Rendering a SAN Topology

[0495] As discussed above, the SAN manager (FIG. 15, item 20) provides agraphical user interface (GUI) to display components of the SANtopology, such as, the hosts, the storage devices, along with theirinterconnections and attributes. Particularly, as an example of a GUIutilized by the SAN manager 20 of the invention, FIG. 16 illustrates adisplay 100 in a portion of which a storage device, and its selectedattributes (e.g., serial number, product Id) are shown. The storagedevice is identified in a first panel, while its selected attributes aredisplayed in a second panel that is vertically separated from the first.Selection of the storage device in the first panel (by clicking on theicon representing the storage device) results in the display of itsproperties in the second panel.

[0496] In the illustrated embodiment of the invention, the SAN manager20 drives a GUI to render large SAN topology configurations using ahierarchical, multi-view approach. The hierarchy is based on division ofthe SAN topology into “segments” which are separated from one another bythe elements that make up the interconnect fabric 16, e.g., switches,hubs. The segments are then layered in a structural arrangement thatallows the manager 20 to generate a display that hierarchically presentsthe SAN topology. As used here, a segment refers to portion of the SANcontaining multiple components (e.g., hosts 12, storage device 14, SANmanger 20)—typically, though not necessarily, interconnected—whetherrepresented as (i) individual components and/or (ii) one or more furthersegments. At a high hierarchical level, a segment can refer to theentire SAN or even multiple SANs in an enterprise (see, for example,FIG. 28). At a low level, a segment can refer to an individualcomponent. At intermediate levels, it can refer to segments of the typeillustrated in the main panels of FIGS. 29-32.

[0497] The manager 20, using for example the interface illustrated inFIG. 15 and/or the NetView interface functionality shown in FIG. 6,generates a display of the segment layers comprising the SAN topologyrepresentation on the operator/administrator console consoles 22 a, 22 b(or other graphical HMI devices of the type discussed above inconnection with FIG. 2). In the illustrated embodiment, the displaycontains multiple panels. The main panel depicts a current segment orlayer of the hierarchy. One or more navigation panels (each containingone or more icons), e.g., located along the bottom and/or side of thedisplay, permit traversing of the hierarchy.

[0498] In the main panel, the manager 20 presents graphical objects(e.g., icons) representing the devices or segments at a current level ofthe and the elements that make up the interconnect fabric 16 thatconnect those devices or segments. The manager 20 responds tooperator/administrator selection of those icons for selectivelypresenting lower layers (drilling down) into the hierarchy, ordisplaying properties of the selected element. Further understanding ofthe illustrated embodiment can be realized from the discussion below.

[0499]FIG. 28 depicts a top-level (root) view 162 that comprises arepresentation of all the SANs 166 known to the SAN manager describedabove. The view 162 contains one or more graphical objects (e.g., icons)164, each representing one of the SANs 166 known to the SAN manager 20.A detailed view of a particular SAN and its components can be displayedby selecting the corresponding graphical object 164 residing in thenavigation panel. It will be appreciated that the specific form of thedisplay can be varied depending on operator preferences and needs.Moreover, it will be appreciated that representations other thangraphical objects (e.g., text labels, and so forth) may be used.

[0500]FIG. 29 depicts the detailed SAN view 168 that is displayed uponselection of the corresponding graphical object (FIG. 28, item 164). TheSAN view 168 contains a SAN map 170 (located in the main panel of thedisplay) that is a representation of elements 182, 184, 186 thatcomprise the SAN and are associated with that level in the hierarchy.The displayed elements are graphical objects that represent two switches182, 186, and an interconnect element 184 that have correspondingsegment maps and an interconnect element map.

[0501] Graphical objects 176, 178, 180 (located in the navigation panelof the display) are provided for selecting and displaying detailed viewsof a particular segment map, or interconnect element map. Alternatively,items 182, 184, and 186 (displayed in the main panel) can be selecteddirectly to display a particular segment map. For example, by selectingthe interconnect element graphical object 178, the corresponding map(FIG. 30 described below) is displayed.

[0502] By selecting the various graphical objects, an administrator cantraverse the layers of segments that make up the hierarchy. Recoveryback to higher levels of the hierarchy can be achieved by selecting theroot graphical object 172 or the SAN graphical object 174, which revertsthe display to that depicted in FIG. 28 and FIG. 29 respectively.

[0503]FIG. 30 depicts the interconnect elements 188 that are displayedas a result of selecting the interconnect element graphical objects(FIG. 29, item 178 or item 184). The interconnect element map 194(located in the main panel of the display) contains graphical objects196, 198 for each of the interconnect elements (switches and hubs) inthe SAN. Graphical objects 190, 192 are also provided in the navigationpanel for traversing the different levels of the hierarchy. Selecting agraphical object 196, 198 on the map 194 displays the properties of thespecified interconnect element.

[0504] The illustrated embodiment provides multiple types of segmentmaps. One is the interconnect element segments (FIG. 30, discussedabove) which are accessed from the SAN map (FIG. 29, discussed above).These maps contain the interconnect element and the devices directlyconnected to the interconnect element as well as the connections (FIG.31, discussed below). Another type of segment map is the default segmentthat is used when there are no interconnect elements in the SAN. Thissegment simply contains the set of devices that comprise the SAN.

[0505]FIG. 31 depicts a segment map display 200 containing a set ofdevices 206, 212, 214, 216, 218, and interconnect elements 208, 210.Graphical objects 202 are provided for traversing the associated levelsof the hierarchy. The segment map 204 could be displayed, for example,as a result of an administrator selecting the segment graphical object(FIG. 29, items 186 or 180) on the SAN map (FIG. 29, item 170).

[0506] The displayed map 204 contains a graphical object for theinterconnect element 208, and graphical objects for each of the devices212-218 connected to the switch 210. The devices 212-218 can comprisehosts, storage devices, and other elements. Each of the devices 212-218is connected to a respective port on the switch 210. Item 206 denotesthat there are multiple devices connected to a particular port on switch210, and therefore comprises a segment of its own. Selecting item 206 inthe main panel displays the corresponding map shown in FIG. 32.

[0507]FIG. 32 depicts a ring segment 220, which is another type ofsegment map that is used when there is more than one device 228-238connected on a particular port of a switch 226. Instead of displayingall of the devices on the interconnect element map they are insteadrepresented by a nested ring segment graphical object (FIG. 31, item206). Selecting (drilling into) the graphical object displays thedevices 228-238 that comprise the ring segment 224.

[0508] In some embodiments of the invention, the selected status ofcomponents or interconnects is displayed in alternate form, e.g.,highlighted with different colors, blinking, or having a textualmessage, to indicate the particular status, e.g., failed, missing,suspect, etc. In addition, the display of segments containing suchcomponents can be similarly altered to reflect that they containcomponents or interconnects of such status, e.g. failed. For example,referring to FIG. 32, a failure of item 238 results in the failurestatus getting propagated through all of the screens presented by thedisplay. The failing device 238 on segment map 224 results in the upperlevel maps indicating a failure within the hierarchy. Selecting theicons at each level that indicate failure status will eventually reachthe map showing the failed component 238.

[0509] In still other embodiments of the invention, there is provided a“default” segment that is displayed as containing all devices (e.g.,hosts and storage devices) for which the SAN manager 20 does not haveconnection information.

[0510] Hierarchical File System Extension Policy

[0511] As noted previously, the manager 20 utilizes a “policy” to extendfile systems on host machines 12. Thus, for example, referring to FIG.27, the manager 20 responds to a file system extension request from anagent 24 to assign storage devices 14 to the associated host 12 based ona policy that establishes maximum and minimum extension size boundariesfor that host.

[0512] More particularly, in the illustrated embodiment, associated witheach host 12 is a set of attributes defining a policy for file systemextension. These include

[0513] a monitor flag indicating whether or not the file system of thehost is being monitored by its associated agent;

[0514] an extend flag indicating whether or not the host file system canbe extended;

[0515] a threshold value defining a point at which the host file systemis to be extended;

[0516] a LUN group defining storage devices onto which the file systemcan be extended;

[0517] an extension minimum size defining the minimum increment by whicha file system can be extended;

[0518] an extension maximum size defining the maximum increment by whicha file system can be extended;

[0519] a max file system size defining the maximum size a file systemcan be; and

[0520] an alert interval defining how often event notification isprovided.

[0521] Those skilled in the art will, of course, appreciate that otherattributes can be used, in addition and/or instead of the foregoing, todefine the policy for each host. Moreover, though the discussion belowis primarily focused on definition and application of attributes (and,thereby, policies) for hosts, these teachings are applicable, as well,toward definition of policies for other SAN components, such as storageunits (or LUNs) 14, as well as for interconnect elements 16.

[0522] Policy attributes for the hosts 12 are defined by default and/orby the operator/administrator, as discussed below in the sectionentitled “Display And Management Of A Policy Hierarchy.” Thoseattributes can be defaulted and/or assigned on a host-by-host basis.However, they can also be inherited from attributes assigned (by defaultand/or the operator/administrator) to any of several hierarchicalgroupings in which each host, group of hosts, or file systems belongs,so as to facilitate the definition and application of uniform policiesamong the hosts 12 (or other SAN components).

[0523] In the illustrated embodiment those hierarchical groupings are,proceeding from highest to lowest: (i) domain level or default policy;(ii) host group policy; (iii) host policy, and (iv) file system policy.The domain level is the root node in the policy hierarchy andestablishes the default attributes for all hosts 12 in the SAN. The hostgroup policy defines policy attributes for each host group, of whichthere can be zero, one or more—as defined by default (e.g., based onhost type, location, or other characteristics) or by theoperator/administrator. The host policy defines the policy attributesfor a give host and, by default, applies to all of its file systems. Afile system policy defines attributes of each file system maintained bya host. In alternate embodiments, greater or fewer hierarchical groupscan be employed, as can groupings other than or in addition to thoselisted here.

[0524] In the illustrated embodiment, policy attributes not defined at aspecific level in the hierarchy are inherited. Thus, each file systeminherits the policy attributes of the host in which it (the file system)resides, except for those attributes defined for that file system. Eachhost, in turn, inherits policy attributes of the host group in which itresides, except for those attributes defined for that particular host.Each host group, moreover, inherits policy attributes for the domainlevel, except for those attributes defined for that particular host.

[0525]FIG. 33 illustrates an example of a policy hierarchy 240 utilizedin the SAN manager 20 in accordance with an embodiment of the presentinvention. The SAN domain 242 is the root level of the policy hierarchy,and contains a set of parameters 244 that represent a fixed set ofpolicy attributes that are inherited by lower levels in the policyhierarchy 240, unless overridden at those levels.

[0526] Illustrated attributes 244 include a monitor flag, extend flag,threshold value, LUN group, extension minimum size, extension maximumsize, max file system size, and alert interval, all as defined above.Though as noted above other attributes can be used in addition orinstead. Sample values for these parameters are shown in parenthesis.For example, in the illustration a default value for the monitor andextend flags is “on”; a default threshold value is 90% and so forth.

[0527] Host group 246 defines a policy for two hosts 250, 254. Athreshold value 248 is established for this group that overrides thedefault threshold value 244 that was defined at the domain level 242.Therefore, both hosts 250, 254, and the file system 258 will inherit thenew threshold value 248 rather than the default attribute 244.

[0528] In the illustration, host 250 itself has a policy attribute thatoverrides the default LUN group attribute 244: here, specifying that anyfile system extension will utilize a LUN from the RAID1 group 252. Inaddition to the selected LUN group 252, the attributes pertaining to thefirst host 250 include the threshold value 248 defined by the host group246, and all other default attributes 244 defined in the SAN domain 242.The manager 20 utilizes these attributes when extending a file systemassociated with the first host 250.

[0529] The second host 254 overrides the extend flag default 244 bysetting a new value 256. The host 254 also inherits the threshold value248 from the host group 246. All of the other policy attributesassociated with the host 254 are inherited from the established defaults244 set in the SAN domain 242. The manager 20 to extend file systemsassociated with the second host 254 utilizes these policy attributes.

[0530] A policy is also created on the second host 254 for file system258. Attribute values are explicitly set for the extend flag 260, maxfile system size 262, and the alert interval 264. The file system 258therefore does not inherit the extend flag value 256 that was set by thesecond host 254, because the explicit setting of the extend flag 260overrides the earlier setting 256. The remaining attributes areinherited from the defaults 244 set in the SAN domain 242.

[0531] Host group 266 defines a policy for multiple hosts 270, 272, 274.A new threshold value 268 is defined that overrides the predefineddefault threshold value 244. This results in host3 270, host4 272, andhost5 274, inheriting the new threshold value attribute 268. However,all other attributes will be inherited from the default list 244 asdefined in the SAN domain level 242. Specifically, the multiple hosts270, 272, 274 associated with the host group 266 have the followingattributes in their policy definition: monitor flag (on), extend flag(on), threshold value (85%), LUN group (any), extension minimum size (1GB), extension maximum size (10 GB), max file system size (30 GB), andalert interval (1 day).

[0532] The host 276 is not included in a host group 266, 246, andtherefore inherits all the predefined attributes 244 from the SAN domain242, except for those explicitly set. In this instance, the host 276 hasexplicitly set attribute values for a threshold value 278, LUN group280, and max file system size 282.

[0533] In the illustrated embodiment, the policy hierarchy isrepresented by a hierarchy of object oriented programming (OOP) objectsor other in runtime data structures. It is likewise persisted to adatabase (not shown), e.g., in the manner described above in connectionwith FIG. 13. In operation, the manager 20 access these runtime datastructures and/or database to discern a policy for file systemextension, e.g., in connection with the processing sequence describedabove in connection with FIG. 7A.

[0534] Display and Management of File System Extension Policy Hierarchy

[0535] As discussed above, the SAN manager (FIG. 15, item 20) provides agraphical user interface (GUI) to display components of the SANtopology, such as, the hosts, the storage devices, along with theirinterconnections and attributes. Particularly, as an example of a GUIutilized by the SAN manager 20 of the invention, FIG. 16 illustrates adisplay 100 in a portion of which a storage device, and its selectedattributes (e.g., serial number, product Id) are shown. The storagedevice is identified in a first panel, while its selected attributes aredisplayed in a second panel that is vertically separated from the first.Selection of the storage device in the first panel (by clicking on theicon representing the storage device) results in the display of itsproperties in the second panel.

[0536] Continuing the discussion from the section entitled “File SystemExtension Based On A Hierarchical Policy Having Attribute Inheritance,”the manager 20, using for example the interface illustrated in FIG. 15and/or the NetView interface functionality shown in FIG. 6, provides agraphical user interface (GUI) on which the policy hierarchy isdisplayed and through which the policy attributes can be set or modifiedby the operator/administrator. The manager 20 generates the display soas to present the policy hierarchy and corresponding attributes in afirst panel, while presenting list controls, dialog boxes or othereditable fields for each policy and attribute value in a second panel(e.g., separated vertically from the first panel). As fields of thesecond panel are modified by the operator/administrator, thosemodifications are immediately presented in a refreshed hierarchicalpolicy view on the first panel. In the illustrated embodiment, themanager maintains a constant display of policy attributes values at eachlevel in the hierarchy, making the policy visible for all levelssimultaneously.

[0537]FIG. 34 illustrates a GUI generated by manager 20 for purposes ofdisplay and management of a policy hierarchy 284 in accordance with anembodiment of the present invention. The display 284 is separated intotwo vertical panels 286, 288, though will be appreciated that otherscreen arrangements may be utilized (e.g., horizontal panels, cascadingpanels, and so forth).

[0538] In the first panel 286, the manager 20 presents a hierarchicalgraphic 290 (in this case, in tree form—though other forms can be usedinstead or in addition) that represents the entire policy hierarchy forthe SAN and the attribute values for each policy level. To avoidclutter, only override values are shown at each level, except for thedomain level where all values are effectively “overrides.” Thus, forexample, branch 291 depicts all policy attributes at the domain level,while branch 292 depicts only the override values for Host Group A hostgroup policy level (with items 294, 296, and 298 specifying the specificoverrides for that group). For convenience, levels for which all valuesare inherited can be marked with a designator such as “(All propertiesinherited).”

[0539] The second panel 288 presents a plurality of editable fields 300for all policy attributes for a policy level selected in the firstpanel, in this case policy 292. Through edit fields 300, the manager 20permits the operator/administrator to modify the policies and inheritedattribute values 290. Modifications made in any of the editable fields300 in the second panel 288, are immediately represented in a refreshedview of the hierarchical policy structure 290 in the first panel 286.Moreover, any changes made to a value, in say, a host group level 292changes the inherited value of that property on its associated hosts(host3).

[0540] For example, selection of a particular policy 292 in the policyhierarchy structure 290 displayed in the first panel 286, results in thedisplay of editable fields 300 in the second panel 288 that correspondto attributes 302, 304, 306 and inherited attribute values of thatpolicy 292. Changes made by an operator/administrator to the thresholdvalue 302, alert interval 304, and maximum file system size 306 in thesecond panel 288 are immediately reflected in the corresponding values294, 296, 298 in the policy hierarchy structure 290 displayed in thefirst panel 286.

[0541] Moreover, the modifications made to items 294, 296, 298 areinherited by the associated hosts (host3) of that host group 292. Inthis instance, host3 inherits the alert interval 294, max file systemsize 296, and threshold 298 from host group 292. All the otherattributes of host3 are inherited from the default values at the domainlevel of the policy hierarchy 290.

[0542] LUN Masking on Windows NT Hosts

[0543] As discussed above, storage devices are assigned to the hostdevices 12 by the manager 20, which effects those assignments using theagents on the respective host devices. Referring back to FIG. 10 and theaccompanying text, assigned LUN IDs are communicated to the hosts viathe disk manager 76, which updates the filter drivers 79 on therespective hosts. When a host file system makes an attempt to mount astorage device, the filter driver 79 (FIG. 10) intervenes, comparing anidentifier of the device being mounted against the assigned LUN IDs. Thedriver 79 fails devices for which there is not a match and succeeds (orat least passes for normal treatment by the operating system) those forwhich there is a match.

[0544]FIG. 36 depicts a storage driver architecture of the Windows™ NToperating system of an exemplary host 12 modified in accordance with theinvention to provide these features, referred to elsewhere herein as“LUN masking.”

[0545] The illustrated portion of the modified operating system 350comprises a storage class driver 352 and port driver 356 of theconventional variety known and used in the art for the Windows™ NToperating system. In alternate embodiments, commercial or proprietarydrivers providing like functionality can be used in addition or instead.

[0546] Generally, storage class driver 352 and port class driver 356operate in the conventional manner to translate IRPs from the filesystem to appropriate form for transfer to the host bus adapter (seeFIG. 23, ADAPTER1 & ADAPTER2) associated with the attached storagedevices (FIG. 23, DISK1-DISK3). More particularly, the storage classdriver 352 uses the SCSI port/class interface to control one or moredevices 14 on any bus for which the system provides a storage portdriver 356. The port driver 356 serves as an interface between classdrivers 352 and the host bus adapter (HBA) (FIG. 23, ADAPTER1) that isconnected to one or more storage devices (FIG. 23, DISK1-DISK3). TheSCSI port driver 356 receives SCSI request blocks (SRBs) fromhigher-level drivers (e.g., class driver, filter driver), and translatesthe SRBs into bus-specific commands that are then transferred to an HBA.An adapter-specific SCSI miniport driver is coupled to the port driver356, and provides support for the particular SCSI HBA.

[0547] In the illustrated embodiment, filter driver 354 is interposedbetween storage class driver 352 and port driver 356. The filter driverincludes a table 354 a, or other data structure, listing LUN IDs thathave been assigned to the associated host. The table is loaded andupdated by the disk manager 76 (which typically communicates with thefilter driver 354 and table 354 a via a user mode applications program(not shown)) as discussed further below and can be persisted in aconventional manner, e.g., via a database or other persistent storage,not shown. (In alternate embodiments, rather than listing LUN IDs ofdevices that have been assigned to the host, the table 354 a list LUNIDs of devices that from which access by the host to be blocked. Suchalternate embodiments operate in the manner discussed herein, asappropriately modified to account for this difference in table content).

[0548] In normal operation, e.g., during boot-up of the Windows NToperating system or when the ports are otherwise scanned during systemoperation, the SCSI port driver 356 queries the SCSI bus to identifydevices that are in communication with host 12. The port driver 356 thenloads the SCSI addresses (each comprising multiple fields, e.g., port,bus, target id, logical unit number) of found devices (e.g., LUNs) intoa port driver structure, and updates the Windows NT registry. The portdriver also generates a physical device object for each identifieddevice.

[0549] Continuing, in normal operation, the SCSI class driver 352 (aconventional Windows NT storage class driver) traverses the list offound device addresses, and issues claim requests to the port driver 356for each of them. Normally, the SCSI port driver 356 responds to each ofthose requests by noting that the device is available to be claimed. TheSCSI class driver 352 then creates a device object, making way for thefile system or other aspects of the operating system (or anyapplications executing thereon) to access the device.

[0550] The filter driver 354 selectively intercedes in this process byintercepting the port driver response to claims issued by the classdriver 352 for fiber channel devices. For such claims, the filter drivercompares the identified devices against the LUN IDs listed in the datatable 354 a. More particularly, for each LUN ID in the table 354 a, thefilter driver 354 applies the associated algorithm (which, as notedelsewhere herein) is part of each LUN ID) to the identifying informationcontained in each claim (or otherwise obtained for the underlyingdevice, e.g., from its Page 83 h and/or Standard Page information, forexample, obtained via the port driver 356), and compares the result withthat LUN ID. If a match occurs, this indicates that the device has beenassigned by the manager 20 to the associated host.

[0551] The filter driver 354 lets these claim requests (i.e., those forwhich there was a match) pass to and from the class driver 352 and portdriver 356 in the normal course, such that the latter returns a normalsuccess code (for assigned LUNs otherwise available for claiming) andsuch that the former generates a corresponding device object.

[0552] If no match occurs for any of the LUN IDs in the table, i.e.,where an attempt is made to claim a LUN that has not been assigned, thefilter driver 354 forces a failure return by the port driver 356, thus,preventing creation of a device object.

[0553] In this manner, the filter driver prevents the class driver 352from creating disk objects—e.g., at system boot-up or whenever the portdriver 356 is otherwise scanned—for devices not listed in the table 354a and, thereby, prevents the file system (or other aspects of theoperating system of the host, or any applications executing thereon)from accessing fiber channel devices other than those assigned by theSAN manager 20.

[0554] In the event that a storage device, which was initially notassigned to the host, is subsequently assigned, e.g., at the request ofan operator/administrator request via the SAN manager GUI, the diskmanager 76 updates the filter driver table 354 a to reflect the currentlist of assigned (or unmasked) LUNs. The filter driver 354 (or otherfunctionality in the agent 24 operating on the host) then invokes theport driver 356 to re-claim all storage devices 14 identified by theport driver 356 as being connected to the host. In this regard, thefilter driver 354 simulates the operation of the class driver 352 atboot-up.

[0555] The filter driver 354 accomplishes this task by initiating“FIND_NEW_DEVICE” (or equivalent) calls for all SCSI addresses in theport driver structure. All claim requests for previously claimed devicesfail, as do those for already masked devices. The claim requests fornewly unmasked LUNs succeed, and the SCSI class driver 352 creates thenew corresponding disk objects.

[0556] In the event that a storage device which was initially assignedto the host is subsequently unassigned, e.g., at the request of anoperator/administrator request via the SAN manager GUI, the disk manager76 updates the filter driver table 354 a and the filter driver 354initiates a request to the host operating system to mark the disk objectfor the newly unassigned device as unusable.

[0557] A further appreciation of the operation of the illustratedportion of the modified operating system 350 may be attained through thediscussion that follows.

[0558] A list of LUNs is stored and maintained in a common storage area,e.g., Windows NT registry. The list is used to communicate changes tothe accessibility (such as assignment or unassignment) of LUNs to theoperating system. During an assignment or an unassignment, the list isupdated and the disk manager 76 notifies the filter drivers 354 of thechange. A LUN is considered assigned when the device object isaccessible (unmasked) to the system. A LUN is considered unassigned whenthe device object is inaccessible (masked) to the system. The managementof LUNs is thereby performed without changes to the hardwareconfiguration, and without re-boot.

[0559] An assignment is achieved by first, updating the LUN list in thecommon storage area (Windows NT registry) with the particular LUNs toassign. Then an I/O control (IOCTL) that corresponds to the filterdriver 354 is sent to communicate the assignment to each LUN. When thefilter driver 354 receives this IOCTL for any device that matches thedevices in the list of assigned LUNs, the device is unmasked. If a diskclass object already exists for the LUNs, then all the objects are madeavailable for access to the operating system. If a disk class objectdoes not exist, then the LUNs are claimed using an IOCTL to find newdevices. The actual masking bit is maintained in the device object, soany subsequent requests to the particular device object only require achecking of a bit rather than the entire registry.

[0560] If the current device object list does not locate the assignedLUN, a request to find new disk devices is sent through the I/O devicecontrol interface, i.e., IOCTL_DISK_FIND_NEW_DEVICES. TheIOCTL_DISK_FIND_NEW_DEVICES request determines whether another devicethat the driver supports has been connected to the I/O bus, either sincethe system was booted or since the driver last processed this request.If such a device is found, the driver sets up any necessary systemobjects and resources to handle I/O requests for its new device. It alsoinitializes the device on receipt of this request dynamically (i.e.,without reboot). Such a driver is assumed to support devices connectedon a dynamically configurable I/O bus.

[0561] This request generates a claim device to all the unassigned disksbehind a particular port. The filter driver 354 then prevents anyclaiming of device objects that have yet to be assigned by interceptingthe claim of each LUN, and comparing each LUN with devices available onthat port. If the LUN exists, they are made available and the filterdriver 354 makes the device objects available. Once a LUN is assigned,the operating system (e.g., Windows NT) maintains the device object forthe course of the system up time. Therefore, the port driver 356prevents an inordinate amount of device objects from being createdduring boot. If a disk device object cannot be claimed, it does notgenerate a device object. But if the LUN is found, the claim issuccessful, and a device object is created so that it can also then bechecked to see if it should be masked or unmasked.

[0562] To unassign a LUN, the common storage area (e.g., Windows NTregistry) is updated by removing that device's identification. A uniqueIOCTL is then sent to a filter driver (not shown) disposed “above” theSCSI class driver 352 to remove access to all device objects for the LUNthat is to be unassigned. When unassigning a previously assigned LUN,only that filter driver needs to be notified because its device objectshave already been created. This requires the submission of the IOCTLdedicated to that filter driver through the device I/O control API. Oncethe IOCTL is received, the disk id is checked against the registry, andif it no longer exists, the device object is masked from future I/Oactivity. If the unassigned LUN is later reassigned, the same filterdriver, again, only needs to be notified (again, because thecorresponding device objects already exists).

[0563] LUN Masking on Windows 2000 Hosts

[0564] In an embodiment of the invention for a Windows 2000 operatingsystem, LUN masking is performed on hosts 12 in a manner similar to thatdescribed above with respect to a host running the Windows NT operatingsystem.

[0565] The illustrated portion of the modified operating system 350 fora Windows™ host is architected and operated similarly to that describedabove with respect to the Windows™ NT operating system. LUN masking isperformed in a similar fashion to that described above for Windows™ NT,except that the filter driver 354 intercepts the class driver 352 claimsto storage devices (that are not assigned to the selected host 12), byblocking the claim requests generated by the class driver 352 in thefirst instance, rather than by blocking responses by the port driver 356to the class driver in response to such requests. As above, the blockingof claims requests in the Windows™ environment also prevents the classdriver 352 from creating device objects, thereby, preventing the filesystem (or other aspects of the operating system or any applicationsprogram executing thereon) from accessing unassigned devices.

[0566] According to the illustrated embodiment, the agent 40 preventsmasked LUNs from appearing in the Device Manger of the Windows™ 2000interface by setting a flag in the data structure normally sent by theplug-and-play manager (not illustrated) with the device state query. Inaddition, the illustrated embodiment prevents the plug-and-play managerfrom generating notifications to an operator of a host 12 from which amasked device has been removed. This is accomplished by setting a flagin the data structure normally sent by the plug-and-play manager alongwith the device capabilities query.

[0567] In an alternate embodiment for a Windows™ 2000 host, masking isaccomplished by modifying a data structure populated by the port driverto reflect LUNs (or other devices) that are attached to the host.

[0568] In normal operation of a Windows™ 2000 host, the plug-and-playmanager (which is a conventional component of the Windows 2000 operatingsystem) is initiated at boot-up and creates a data structure that itpasses to the SCSI port driver 356. The port driver 356 populates thatdata structure with information regarding all found devices (e.g., SCSIaddresses). The illustrated embodiment effects masking via the filterdriver 354, which removes from that data structure information regardingfiber channel devices not listed in the table 354 a. As a result,neither the plug-and-play manager nor the class driver become aware ofmasked devices and, hence, do not attempt to create disk objects forthem.

[0569] To “add” back a LUN that was previously masked, the plug-and-playmanager is initiated to create and send a new data structure to the portdriver 356 to be filled in. The plug-and-play manager is initiated byissuing from “user mode” a call to the filter driver 354, which itselfissues a kernel mode IO_INVALIDATE_DEVICE RELATIONS call. This causesthe plug-and-play manager to issue calls (IRPs) to the port driver 356,which causes refill of the data structure. Then the filter driver 354again intercepts the response from the port driver 356, and removes anyobjects from the data structure that correspond to masked devices. Thoseskilled in art will appreciate that any other sequence of calls suitablefor effecting refill of the data structure (e.g., DEVICE_RELATIONS) canbe utilized.

[0570] To mask a LUN that is already available a command (i.e., REMOVE)is sent to the plug-and-play manager from “user mode” that identifiesthe device to be removed. The plug-and-play manager then removes allstructures necessary for I/O (including disk objects). The filter driver354 is active at all times to prevent any rescan from filling the datastructure with a masked device.

[0571] To unmask a LUN, a “remove” command (e.g.,CM_QUERY_AND_REMOVE_SUBTREE) is issued to remove a device. Then a rescanis forced by opening the SCSI port drivers 356 and issuing to them aCM_RENUMERATE_DEVNODE command.

[0572] A further understanding of utilizing a device driver to mask LUNsin this alternate embodiment for a Windows™ 2000 host may be attachedthrough the discussion that follows.

[0573] To mask LUNs at the SCSI port level an upper filter driver 354 tothe SCSI port driver 356 is used. The upper filter driver 356 catchesPlug N Play request packets for devices on the SCSI port. The I/Orequest packet (IRP_N QUERY_DEVICE_RELATIONS) contains an array of alldevice objects attached to the SCSI port.

[0574] Using the first byte of the SCSI inquiry data, each device on theport is checked to make sure it is a disk and then if the device is adisk queried for the LUN ID. If the device should be masked, the lastdevice object in the array replaces the device object and the count oftotal devices is decremented. This effectively removes the masked devicefrom the array. If the device is not masked the device remains in thelist. After all masked disks have been removed the I/O request packet iscompleted and the list is then sent back up to higher-level drivers. Themasked disk devices are not visible to any driver higher than the filterdriver 354. As a result, the SCSI class driver 352 does not make deviceobjects for the masked devices, so the partitions on masked disks do notget mounted by the operating system.

[0575] The filter driver 354 does not change the SCSI port driver 356data. Therefore, the SCSI port driver 356 always has a list of alldevices on its ports. The filter driver 354 simply prevents masked LUNsfrom being assigned.

[0576] Once Windows 2000 is booted care must be taken when masking outLUNs to avoid a surprise remove. When an unmasked LUN needs to be maskeda user mode uninstall must be done to unmount the partitions and removethe disk safely from the plug-and-play manager. The SCSI bus is thenrescanned and the device driver removes the device object from the arrayafter a user mode uninstall of the disk has been completed successfully.

[0577] When a masked LUN needs to be unmasked the SCSI bus is rescanned.This unmasks the LUN since the device driver is not removing the deviceobject from the array. Then the I/O request packet is completed whichcauses the SCSI class driver 352 to claim the disk and mount thepartitions that reside on the disk.

[0578] Since the device driver is an upper filter driver 354 to the SCSIclass driver 352, any host bus adapters that use the SCSI protocol workwith this configuration. Fiber channel is an example of an adapter thatuses SCSI protocol.

[0579] Association of LUN ID with Physical Device Object Name

[0580] As evident throughout the discussion above, the SAN manager 20and agents 40 utilize the LUN IDs as identifiers for the storage devices(LUNs). Thus, by way of non-example, as discussed in the precedingsections, the disk manager 76 assigns LUNs to the hosts by loading theirrespective filter drivers 354 with the corresponding LUN IDs. The hostsare permitted to access LUNs whose LUN IDs are contained in the drivertables and are precluded from accessing the other LUNs.

[0581] By contrast, many functions within the host digital processors 12inherently utilize physical device names or addresses to identifyattached storage devices. For example, the plug-and-play manager withina Windows™ 2000 host identifies storage devices via physical deviceobject names that include, among other things, port number, path number,target number and logical unit number.

[0582] The illustrated embodiment provides a mechanism for readilyassociating these physical device names/addresses with the correspondingLUN IDs, thereby, facilitating use of built-in host functions—e.g.,plug-and-play manager detection services—to determine when the SANstorage devices have been added, removed, enabled, disabled, otherwiseaffected. Though the discussion here focuses on association of physicaldevice object names of the type used by plug-and-play managers in theWindows™ 2000 environments, those skilled in the art will appreciatethat the teachings are equally applicable to forming other suchassociations with this and other operating systems and operating systemfunctions.

[0583] Referring to FIG. 36 by way of review, in normal operation of aWindows™ 2000 host, the plug-and-play manager (PNP) queries the SCSIport driver 356 for information regarding all devices known by it. Theinformation includes data such as port number, path number, targetnumber, and logical unit number for each found device. The PNP manager386 generates from this a physical object for each device.

[0584] Subsequently, when the PNP manager 386 detects that a storagedevice has been added or removed, e.g., coupled or decoupled from theinterconnect 16, it generates an event. In a Windows™ 2000 environment,this is referred to as a “device change” event and includes a physicaldevice object name, to wit, a string with the host bus adapter (HBA)name, port number, path number, target number, and logical unit numberof the affected device. In embodiments operating on hosts with otheroperating systems, such an event may have a different name and/orcontent.

[0585] A user mode process executing on the host receives such PNPevents, so long as that process is appropriately registered with the PNPmanager. The process extracts the port number, path number targetnumber, and logical unit number from the physical device object name andconverts them to a form suitable for querying the device or itsinterface (e.g., the port driver and/or HBA) adapter for SCSI inquirydata, e.g., of the type contained on Page 83 h and/or Standard Page. Ituses this to open a handle to the device and obtain that SCSI inquirydata, e.g., by way of an IOCTL_SCSI_GET_INQUIRY_DATA call in theWindows™ 2000 environment or using a related or analogous call in otherenvironments.

[0586] Using the SCSI inquiry data and the information extracted fromthe physical device object name, the user mode process generates an LUNID using the algorithms discussed above in connection with FIG. 10. Inthis manner, it thereby forms an association between a physical deviceobject name and logical identifier, to wit, a LUN ID.

[0587] In the illustrated embodiment, the user mode process forms suchan association, e.g., for purposes of correlating the LUN ID included ina storage device assignment received from the SAN manager 20 with eventsgenerated by the host PNP manager. In this regard, the user mode processexecutes the algorithm identified within the LUN ID of the assigneddevice in order to convert the inquiry data and extracted informationinto a logical identifier. In alternate embodiments, the user modeprocess can exercise this or other LUN generation algorithms, e.g., forpurposes of matching a raft of identified LUN IDs or for other purposes.In the illustrated embodiment, the aforementioned user mode process is aPNP event listener, though it can comprise any code operating in usermode. Moreover, the mechanism discussed above can be used to associate aphysical device name or address of any device (disk or otherwise) with alogical identifier.

[0588] Fiber Channel Device Determination in Kernel Mode

[0589] As discussed above, in order to mask non-assigned LUNs, thefilter driver 354 intercepts claim requests made by the class driver 352to the port driver 356 or, conversely, the port driver response to thoseclaims. For such claims, the filter driver compares the identifieddevices against the LUN IDs listed in the data table 354 a, applying theassociated LUN generation algorithms and comparing the results todetermine whether the response should be passed or blocked. Because thefilter driver 354 executes in kernel mode in Windows™ NT, Windows™ 2000or other such hosts, operating system, adapter or storage devicelimitations may preclude the driver 354 from consistently determiningwhether any given claim is for a fiber channel device and, hence,subject to potential masking.

[0590] The illustrated embodiment overcomes this by utilizing a usermode process to detect fiber channel devices on the SAN and tocommunicate this to the filter driver 354 (or other functionalityoperating in the kernel mode) via the Windows™ registry. Morespecifically, upon deployment of the SAN and/or at the final phases ofhost boot-up, the user mode process identifies ports to which fiberchannel devices are connected and stores that information to the hostregistry. At early stages of a subsequent boot-up (which may occur sometime later), a kernel mode process validates those registry entries. Thefilter driver 354 operates as discussed above, e.g., maskingnon-assigned fiber channel devices, but also taking into accountinvalidity determinations made by the kernel mode process. The user modeprocess is re-executed to regenerate the registry (and, as aconsequence, eliminate invalid entries), issuing new claims for anydevices that were improperly masked by the filter driver 354, e.g., onaccount of the kernel mode process invalidity determinations.

[0591] Referring to FIG. 41, a process 374 executes on an exemplary host12 in user mode under the Windows™ NT, Windows™ 2000 or other suchoperating system. The user mode process 374 collects informationpertaining to the host's ports 382, and stores this to the Windowsregistry, or other persistent store 380 (e.g., a database) that can besubsequently accessed by the filter driver 354 or by other processesexecuting in the kernel mode. The collected information indicates eachport's number, whether the port supports a fibre channel adapter, andverification data. In the illustrated embodiment, the latter comprisesthe name of the manufacturer of the port's driver software, e.g., asobtained from a standard location of the Windows™ registry (i.e., otherthan that portion of the registry corresponding to store 380), thoughother information can be used in addition or instead.

[0592] To determine which ports are connected to fiber channel devices,the illustrated user mode process 374 calls a common user mode library376, e.g., of the type specified by the Storage Networking IndustryAssociation (SNIA). The user mode process 374 identifies the host'sother ports, i.e., those not connected to fiber channel devices, via theWindows™ registry (again, other than that portion of the registrycorresponding to store 380).

[0593] The user mode process 374 executes on the host during deploymentof the SAN agent 40 software and each time the host 12 is booted-up,specifically, at a late phase of the boot-up.

[0594] During a next boot-up of the host, which may occur minutes,hours, days, weeks or even longer after the user mode process 374 waslast executed (and, more significantly, after which the operator mayhave added, removed or switched devices and/or adaptors), the kernellevel process 378 is executed on the host to validate the store 380.This insures that the fiber channel identifications made by thepreviously run user mode process 374 are valid and, therefore, can beproperly used by the filter driver 354 later during (the same) boot-up,when the class driver 352 begins issuing claims to the port driver 356.

[0595] More specifically, the kernel mode process 378 (which may residewithin or outside filter driver 354) compares the driver manufacturename maintained in the store 380 for each port against the correspondingdata maintained in the standard location of the Windows™ registry (i.e.,in the same location previously used by the user mode process 374 toascertain those names). For each port for which the comparison isfavorable, the kernel mode process 378 stores a “valid” (or “not dirty”)flag. Conversely, for each port for which the comparison is notfavorable, the kernel mode process 378 stores an “invalid” (or “dirty”)flag.

[0596] In addition to the ports listed in store 380, the kernel modeprocess 378 detects whether the host is coupled to any other activeports. As above, this is accomplished via the standard location in theWindows™ registry. Ports identified in the standard location that arenot in store 380 are treated as invalid (or dirty) in the discussionbelow.

[0597] Subsequent to execution of the kernel mode process 378, the hostoperating system (class driver 352) begins making claims for devicesattached to ports, as discussed above. The filter driver 354 (which alsooperates in kernel mode) responds by intercepting and selectivelyblocking those claims, also as discussed above. In order to determinewhether a claim is potentially subject to blocking, i.e., whether it isa fiber channel device, the filter driver 354 retrieves from the store380 the entry pertaining the port identified in each claim. Thisincludes both the indication of whether the port is a fiber channel port(per the user mode process 374) and whether the entry has been validated(per the kernel mode process 378). The filter driver operates asdiscussed above, blocking claims for validated fiber channel devicesthat are not assigned to the host 12, while passing those for validatedfiber channel devices that are. It also passes claims for devices thatare validly indicated as not fiber channel. The filter driver utilizesthe invalid determination of the kernel mode process 378 (as reflectedby the store 380), for example, to pass claims to peripheral deviceswhose store 380 entries are invalid, unless those requests are for harddisk devices that are not designated as assigned to the host 12.

[0598] A more complete understanding of the operation of the filterdriver 354 may be attained by reference to the following truth table.VALID FIBRE HARD MASK REGISTRY CHANNEL DISK LUN DE- ENTRY PORT DEVICEASSIGNED VICE? N N N N N N N N Y N N N Y N Y N N Y Y N N Y N N N N Y N YN N Y Y N Y N Y Y Y N Y N N N N Y N N Y N Y N Y N N Y N Y Y N Y Y N N NY Y N Y N Y Y Y N Y Y Y Y Y N

[0599] Following completion of the “claims process,” i.e., when the hostoperating system makes claims for devices (which the filter driverselectively blocks), as discussed above, the host 12 re-executes theuser mode process 374. Since this occurs with respect to the currentconfiguration of the host ports, entries in the store 380 previouslyidentified by the kernel mode process 378 as invalid are properlyupdated. In the event that the user mode process identifies a port that(a) is connected to a non-assigned, non-fiber channel disk drive and (b)had a store 380 entry previously marked as invalid, the user modeprocess 374 causes a new, non-blocked claim to be issued for the deviceso that it can be properly accessed by the operating system.

[0600] A further understanding of the foregoing may be attained byreference to the discussion that follows.

[0601] In the illustrated embodiment, common user mode code is utilizedto use the common user mode interface 374 prior to an install of thefilter device drivers 354 on the operating system, and immediatelyfollowing a re-boot. The user mode code is only required once, becauseonce the active topology is known, changes to that topology are notnoticed until after a re-boot, especially on an operating system such asWindows NT and 2000. Although Windows 2000 adds the plug-and-playoption, the actual bus adapters cannot be hot plugged. Therefore, new orchanged bus adapters are only recognized after re-boot.

[0602] The first snapshot of the bus adapter topology is captured duringinstall. This provides an initial snapshot of the adapters 382 that areconnected to a SAN. Boot devices are not connected to a SAN and cannotchange without destroying the operating system boot start. Therefore,the concern for boot devices is gone because the initial snapshot whereboot drive exists never changes, and since all non-SAN connected devicesare never masked the boot device is available during every re-boot. Anymasking of the boot drive effectively destroys the system that is to beattached to a SAN.

[0603] The snapshots are stored in the Windows registry 380. The commonuser mode interface 374 identifies adapters 382 behind ports on aWindows operating system. Adapter drivers are written as SCSI-miniportdevice drivers on a Windows operating system, and when filtered, theyare viewed as a level below port device drivers 356. Thus, only a porttopology is required when faced with the Windows operating system. Sincethis information is stored by the Windows operating system afterchanging or adding a new adapter device, it accurately depicts the porttopology of the system. The snapshot that is captured is taken from theWindows registry, and stored into another registry entry that is uniqueto the filter device drivers 354. This is the validation informationthat is used to determine if the topology has been altered after theprior re-boot, or install. The actual identification information that isused is the response received by the common user interface on whether ornot a device is connected to a SAN. This identification information isstored along with the validation information.

[0604] A re-boot invokes the filter device drivers 354 to check if aport is connected to a SAN. The validation information is comparedagainst what is stored in the defined Windows hardware devicemap, and ifit is valid, then the type information is considered valid andpermanently stored for later reference (any future topology changes willrequire a system re-boot). If the validation information is not valid,then the filter device driver 354 will “dirty” the bad registryinformation so that the validation data information is no longer needed.This limits the validation of the data to one time during the bootcycle, once per active port. Any “dirty” ports are masked during theinitial boot. There is an exception though. Any port that has devicesthat are not disk devices 384 will unmask such devices during a claim ofthese devices while booting.

[0605] Immediately following a re-boot, the common user mode code isexecuted to update the registry and locate new devices resulting fromthe update. The filter device drivers 354 are notified during claimprocessing, and since the information is valid, the filter devicedrivers 354 filter only those disk devices 384 behind ports that areconnected to a SAN.

[0606] Ensuring Validity of Data from the Scanners

[0607] As noted above, the SAN manager 20 includes one or more fiberchannel (FC) discover engines 40, such as the discover engine 40 shownin FIG. 6, responsible for gathering topology and attribute informationfor the SAN components. The discover engine 40 receives and processesinformation gathered by one or more scanners, such as scanner 42, whichcollect in-band and outband information including host and deviceinterconnectivity (e.g., which storage devices are accessible to whichhosts and host file system utilization), host attributes (e.g., filesystem information, including identities of mounted storage devices),storage device attributes (e.g., storage capacities), and interconnectelement information. In addition to maintaining a one level-deep historyof scans from the scanners 42, the discover engine 40 notifies the SANmanager service module 38 of apparent changes, such as addition of a newhost or storage device, modification of attributes of a host or storagedevice, removal of a device, or change or removal of a relationshipbetween a host and a storage device.

[0608] As a consequence of the nature and number of scanners 42 and ofthe interconnectedness of the hosts and storage devices, the scans maynot be entirely consistent. For example, an inband topology scanner onone host 12 may detect a particular storage device 14 coupled to thathost 12 over the fiber channel interconnect, while an outband scanner onthat same host may not detect that device. The information does notmatch perfectly, since these two scanners are able to “see” or detectslightly different things in the host 12. As between the inband scannerson two different hosts 14, hardware invisible to one scanner may bevisible to the other scanner, e.g., due to the configuration of theinterconnect 16. This scenario is additionally complicated by the variedlocations of the scanners on the interconnect 16. To account forpotential discrepancies among scans, the discover engine 40 utilizes themechanisms discussed below to reconcile information received from thescanners 42 before notifying the SAN manager service module 38 ofapparent changes.

[0609] Generally, upon discerning from a scan that, for example, astorage device has apparently been removed, the engine 40 validates thechange using other scans. To facilitate identifying those scans, theengine traverses relationships reflected by a set of objects or otherdata structures that represent SAN components to determine which containinformation regarding the apparently removed device. Those scans can bechecked to see if they are in accord with the scan in which the changewas discerned and/or the scanners that generated the scan(s) can bere-executed.

[0610] More particularly, referring to FIG. 37, element 400 in thediscover engine 40 receives a scan from a scanner 42 and compares itagainst information previously received from that scanner 42 asreflected in a discover engine database 402 (which in the illustrationis depicted as containing the aforementioned one-deep history of scansfrom all scanners 42) or other store. If, as a result of thatcomparison, the element 400 discovers a change, e.g., in the hostassociated with scanner 42 or in the SAN topology “seen” from that host,the element can generate and forward to the SAN manager 20 servicemodule 38 notifications as discussed above in the section entitled“Event Processing.”

[0611] Depending on its type of change, however, the element 400validates the change before notifying module 38. Such validation isperformed in the illustrated embodiment for device or relationshipremoval events, though, in other embodiments other changes can bevalidated in addition or instead. It is performed using objects 406(referred to by the fanciful term “moid” objects), each of whichrepresents a respective scan, SAN component, component attribute orrelationship. These objects 406 may be object-oriented programming (OOP)objects or other data structures.

[0612] Validation is performed by element 404, which receives fromelement 400 notification of a change to be validated and/or the identityof the SAN component, attribute or relationship affected by the change.To validate a change indicating, for example, that a storage device hasbeen removed, element 400 passes to element 404 the identity of thatdevice, say, for example, “LUN 1.” Element 404 searches for a moidobject representing that LUN. The search can be performed in a store,database or other runtime or persistent store containing such storagedevice-representative moid objects and, depending on implementation,other moid objects as well.

[0613] Like the moid objects that represent attributes andrelationships, each storage device-representative moid object isassociated with a moid object that represents a scan. These associationsreflect which scans contain information about which component, attributeor relationship. As information regarding any given component, attributeor relationship may be contained in more than one scan, there may bemultiple moid objects for that component, attribute or relationship,each associated with a moid object for a different scan—or, dependingupon implementation, there may by only one moid object for thatcomponent, attribute or relationship with multiple associations to thedifferent scans.

[0614] In the illustration, associations are represented by dashedlines. The associations may be maintained in the moid objects themselvesand/or in an associated store, database or other runtime or persistentstore.

[0615] Continuing the example, by searching for moid objectsrepresenting a storage device that has been removed, the element 404identifies, through the associations, which scans contain informationregarding that storage device. Information pertaining to that devicefrom those scans can then be compared (e.g. by element 404) with theinformation being validated. No comparison need be made with the scanthat itself contains the information being validated. In case there isno discrepancy, the change that gave rise to the validation is indeedpassed to the manager service 38.

[0616] In case the comparison reveals there is a discrepancy, theidentified scans and/or the scan in which the change was initiallydetected can be re-executed, e.g., by way of request issued from element404. Alternatively, the apparent change can be ignored—as is the case inembodiments where removal events are ignored unless not contradicted byother scans.

[0617] The foregoing mechanism is used to validate information regardingnot only SAN components, but their attributes and relationships as well.A more complete understanding may be attained via the discussion thatfollows.

[0618] In order to perform the above diagnostics efficiently, thediscover engine 40 needs to associate each scanner with the storagedevices seen by that scanner. That is, the discover engine 40 needs tomaintain not only information regarding association of a host with oneor more storage devices but also information that links a scanner onthat host with those storage devices seen by that scanner.

[0619] The illustrated embodiment utilizes a methodology that allows thediscover engine 40 to maintain such data in a manner such that theneeded information, e.g., which scans previously saw a particularstorage device, can be retrieved in an efficient manner.

[0620] In general, a database or other storage environment can be usedto represent an “association” between two objects, as shownschematically below:

[0621] <object> . . . <association> . . . <object>

[0622] However, some of the information detected by a scanner is itselfrelationship information that indicates association between two objects.That is, scanners not only detect devices, but they also detect, interalia, relationships between devices, attribute information, and logicalentities, e.g., to which volume group a storage device belongs. Such anassociation between an object and another association can beschematically depicted as follows:

[0623] <object> . . . <association> . . . <relationship>.

[0624] The illustrated embodiment provides for the retrieval of suchinformation, by generating moid objects (or other data structures) foreach SAN component, attribute or relationship which may form part ofsuch an association. This means forming objects not only for storagedevices, hosts, and so forth, but also objects representing attributesand relationships, such as “Host 1 is assigned to LUN 1” or “Physicaldevice A contains LUN 4” or “LUN 1 is a fiber channel device.” Theseobjects can be stored in a persistent storage, e.g., an object databaseand each can hold a unique identification corresponding to the componentor association that it represents. In this manner, each scan, which isalso represented by an object, can be related to any informationdiscovered during the scan, whether it relates to a device or arelationship.

[0625] In the illustrated embodiment, the moid objects refer to tables(not shown) that are generated by the discover engine 40 on examinationof each scan. The are tables, for example, of scans, hosts, storagedevices, attributes and component relationships. To avoid confusionregarding identifiers referring to different moid objects, each moidobject in such cases can be identified by a unique key, for example, inthe form

[0626] <table name><unique Id>.

[0627] This provides some degree of flexibility in naming variousobjects corresponding to devices or associations. For example, an objectrepresenting a physical disk in a physical disk table and an objectrepresenting a logical disk in a logical disk table can be given thesame name without causing any confusion in distinguishing the twoobjects.

[0628] User Interface Architecture

[0629] As described above in the section titled “SAN Manager Console”,the console 52 (FIG. 6) provides a graphical interface that allows theSAN manager to view selected attributes of the SAN, such as, the SANtopology, and to submit commands, such as, refresh topology, to themanager 20. In some embodiments, software instructions for controllingthe console 52 is interwoven with the other SAN manager functions, e.g.,those of the aforementioned manager service. However, in the illustratedembodiment such control is implemented by a separate software module,“NetView,” a commercially available product of the assignee thatprovides user interface functionality, e.g., for the display of networkconfigurations. In other embodiments, still other modules (whetheravailable from the assignee or others) providing similar functionalitycan be can be used in place of NetView.

[0630] A SAN manager 20 of the illustrated embodiment utilizes asoftware architecture as generally shown in FIG. 6 and described infurther detail below to provide for operation of the console 52, here,referred to as the NetView console, via the NetView applications programinterface (API). Those skilled in the art will appreciate that theseteachings can be applied in controlling console 52 via other userinterface applications and their corresponding APIs. In the illustratedembodiment, NetView executes on the manager digital data processor,although it other embodiments it can execute on separate hardware (e.g.,in communication with the SAN manager 20 via an object request broker orotherwise). Though NetView may operate within the same processes asother SAN manager 20 functionality, it is referred to elsewhere hereinas a separate process to connote is modularity.

[0631] Communication from the NetView console 52 to the SAN Manager 20is initiated via the NetView Requester 60, which is an executablelaunched by the NetView console 52. This executable receives callbackrequests from the NetView console 52 and forwards these requests to theConsole Request Handler 62. In this exemplary embodiment, the NetViewRequester 60 transmits each call back notification received from theconsole 52 to the Request Handler 62 over a socket connection. Further,the information contained in the call back notification is preferablypresented in an XML format to provide flexibility in describing thedata. In the illustrated embodiment, the NetView Requester simplyforwards the information from the console 52 to the Handler 62 withoutany substantial re-formatting of the information received from theconsole 52. In alternative embodiments, the NetView Requester can mapthe information received from the console 52 onto a generic formatbefore its transmission to the Handler 62. This allows utilizing thesame Handler with different graphical consoles.

[0632] Although shown as a single block, the Request Handler 62 performsseveral distinct functions, and may be implemented as separateapplications. In general, the Request Handler 62 processes the eventsthat occur when a user, e.g., the operator/administrator, interacts withthe NetView console 52. For example, all menu operations, accessible viathe console 52, such as, launching a management application, areperformed via the Request Handler 62. The Request Handler 62communicates with the manager 20 and other services via the NetViewdaemon 56 and the SAN manager daemon 58.

[0633] The manager daemon 58 generally provides functions that allow theNetView console 52 to interface with the SAN manager 20. Some of thesefunctions can include, for example, retrieval of the SAN topologyrepresentation from the SAN manager 20, mapping a retrieved topology mapinto sub-maps, and handling action callbacks received from the Handler62. In the illustrated embodiment, the SAN manager daemon 58 utilizes anObject Request Broker, such as Voyager ORB, for inter-servicecommunication, such as, communication with the SAN manager 20. Thoseskilled in the art will appreciate that other communication protocolscan also be utilized.

[0634]FIG. 38 schematically illustrates functional components of anexemplary SAN daemon 56. A controller 56 a communicates with the RequestHandler 62 and the SAN manager 20 to process events received from theHandler 62. A Mapper 56 b maps topology information received from theSAN manager 20 into sub-maps, and a Message Sender 56 c is responsiblefor transmitting, for example, via a socket connection, the topologymapped by the Mapper 56 b to the NetView daemon 56 for viewing on theNetView console 52. GTM object wrappers 56 d can be utilized by theMapper 56 b for wrapping sub-map objects. The GTM object wrappers 56 dfurther provide helper functions to format GTM API functions into rawString messages to be transmitted by the Sender 56 c.

[0635] By way of example, FIG. 39 illustrates an information flow model364 that depicts the flow of information among the above components whena user, e.g., the operator/administrator, selects a Refresh Topologyitem from a menu presented on the NetView console 52. In response tosuch a selection, the NetView console 52 transmits an action event tothe NetView Requester 60. The NetView Requester 60 in turn forwards theaction event, e.g., as a request, to the Request Handler 62 thatprocesses the request and issues a refresh Topology message to the SANmanager daemon 58.

[0636] The manager daemon 58 establishes communication with the manager20, for example, via an ORB protocol, to retrieve the SAN topology datatherefrom. In some embodiments, the manager daemon 58 informs the mangerservice 38 of the user's security context to allow the manager 38 todetermine whether the user is eligible for viewing the requestedinformation. In addition, the manager daemon 58 maps the retrievedtopology information into sub-maps, and transmits the sub-maps to theNetView daemon 56.

[0637] Upon receiving the topology information, the NetView daemon 56compares the new topology representation with a topology representationpreviously stored in the NetView database, such as illustrated NetViewobject database 54 a (FIG. 6), to determine whether the stored topologydata requires updating. If the NetView daemon detects changes betweenthe new and the old topology representations, it updates the topologydata in the database 54 a. The console 52 presents this updated topologyinformation to the user.

[0638] A SAN topology model presented to the operator/administrator onthe NetView Console 52 may be updated as a result of theoperator/administrator's request in a manner described above.Alternatively, with reference to FIG. 6, the SAN topology model mayrequire updating when the SAN manager receives reports of topologychanges from the discover engine 40. In particular, as discussed above,one or more agents running on one or more hosts connected to the SAN canperiodically, or upon request by the discover engine 40 via the queryengine 46, obtain information regarding storage devices accessible totheir respective hosts, and transmit this information to the discoverengine 40. The discover engine 40 collates this information to determineany changes in the SAN topology, and if so, it reports the changes tothe SAN manager service 38.

[0639]FIG. 40 presents a flow diagram 366 that schematically depicts themanner in which this new topology data is transmitted from the SANmanager service 38 to the NetView console 52 for presentation to a user,e.g., the SAN administrator.

[0640] In particular, upon updating its database, the SAN manager 58sends a “discover finished” event to the SAN manager daemon 58. Thedaemon 58 in turn retrieves the new topology information from the SANmanager 38, and maps the topology information into sub-maps, asdiscussed above. Further, the SAN manager daemon 58 transmits thesesub-maps to the SAN NetView daemon 56. The NetView daemon 56 comparesthe new topology with a previous topology representation stored in itsdatabase to determine whether an update of its topology representationis needed, and if so, it performs the update.

[0641] Dynamically Extending File Systems

[0642] The illustrated embodiment dynamically extends host file systems,without requiring operator intervention and without downtime of the hostplatform 12. A mechanism for such automatic extension is discussedbelow. Though discussed in connection with specified file systems, e.g.,AIX journal file system, Veritas file system (managed under a Solarisoperating system), Unix file systems (created using Veritas volumemanager and managed under a Solaris operating system), it will beappreciated that similar mechanisms can be utilized with hosts operatingunder other file systems.

[0643] Referring back to FIG. 33, in the illustrated embodiment, when anagent 24 detects that the utilized portion of a file system associatedwith a managed host 12 has exceeded a predefined threshold 244, 268 (orupon request of the SAN operator/administrator, or based on othercriteria or conditions), it transmits an event notification to themanager 20. The manager 20 determines, based on the predefined policy240 whether the file system of this managed host 12 should be extended.If the predefined policy 240 mandates the extension of the file system,the manager 20 identifies which LUNs should be utilized and assigns oneor more identified LUNs to that host 12. Upon receiving the LUN IDs fromthe manager 20, the agent 24 that is operating on the host 12 extendsthe file system as discussed below.

[0644] Generally, the agent 24 executes the following steps to extendthe file system:

[0645] 1. Initialize the newly assigned LUNs by converting them to aform understood by the host operating system. In some operating systems,this is referred to as writing a signature to the devices and isanalogous to formatting a hard disk.

[0646] 2. Create a logical representation (e.g., an “object”) of eachnewly assigned LUN that corresponds to the underlying physical devices.

[0647] 3. Add the objects to the logical grouping that form the hostfile system.

[0648] 4. Increase the logical volume size of the file system by anamount equal to the entire size of the newly added LUNs.

[0649] 5. Increased the size of the file system to occupy the increasedlogical volume size

[0650] In an embodiment of the invention for use with the AIX Journalfile system, the agent extends the host file system by executing thesteps of

[0651] 1. Convert the newly assigned LUNs to physical volumes usingbuilt-in host operating system features.

[0652] 2. Add the physical volume(s) into the volume group of the filesystem to be extended, using the host API.

[0653] 3. Extend the logical volume onto the new assigned LUNs using thehost API.

[0654] 4. Extend the file system by an amount equal to the capacity ofthe newly assigned LUNs, again, using the host API.

[0655] Upon completion, the agent 24 notifies the manager 20 of thesuccessful file extension (and, subsequently, the user). If any of theabove steps fail, the file system is not extended and the agent 24notifies the manager 20 of the failure.

[0656] In an embodiment of the invention for use with, Veritas or Unixfile systems (created using Veritas volume manager and managed under aSolaris operating system) are dynamically extended. As above, once giventhe newly assigned disk ID(s) and the name of the file system to extend,the agent 24 automatically increases the file system and its underlyingvolume by an amount equal to the size of the assigned disks. Thespecific steps (analogous to those above) that the agent 24 performs toaccomplish this task are as follows.

[0657] 1. The agent utilizes the host Solaris API to initialize the LUNsby writing a new label to the newly assigned LUNs (this equates withwriting a signature to the disks).

[0658] 2. The agent utilizes the Veritas API to configure the LUN(s) foruse with Veritas Volume manager by converting the newly assigned LUN(s)into VM Disks (which are analogous to physical volumes).

[0659] 3. The agent utilizes the Veritas API to add the VM Disk(s) tothe disk group where the logical volume of the file system to beextended resides.

[0660] 4. The agent utilizes the Veritas API to increase the size of thefile system and its underlying volume by adding all the available diskspace from the assigned LUN(s).

[0661] As above, if any of the steps fail, the file system is notextended. The manager 20 is notified of the success or failure of thefile extension procedure.

[0662]FIG. 35 illustrates the process 308 that the agent 24 undertakesto extend file systems in accord with the invention. First, a new labelis written to an assigned LUN 310. The newly labeled LUN 312 is theninitialized and configured for use with the Veritas volume manager (VM)by converting the LUN 312 into VM disks 314. This involves separatingthe LUN 314 into one or more partitions (in this example having a totalsize of 2 Gigabytes). The configured disk 322 is then added to a diskgroup 316 that contains the file system to be extended. In this example,disk group 316 already contains two volumes 318, 320, and the filesystem to be extended resides on one volume 318. All the available diskspace (2 Gigabytes) from the configured VM disk 322 is then added to thelogical volume 318, thereby increasing the size of the file system 324and its underlying volume 326.

[0663] Dynamically Enabling SAN Manager

[0664] Upon installation of software defining the agents 24 and manager20, scanners in the agents operate as described above, e.g., to identifydevices connected to their respective hosts. That information istransmitted to the SAN manager 20 and, specifically, to the discoverengine 40 (and, therefrom, to the manager service 38) for generation ofa topological representation of the SAN. This is presented via thegraphical user interface, e.g., NetView console, to theoperator/administrator for purposes of making LUN assignments andotherwise administering the SAN.

[0665] If operated in the manner described above, the filter drivers 354would prevent the hosts 12 from accessing any fiber channel storagedevices 14 at the time of installation of the agent software—because, atthat point, LUN assignments have not yet been made. This can beproblematic when, for example, the installation is made over preexistingsystems, insofar as users of the hosts 12 would be prevented fromaccessing the devices until installation is complete and assignments aremade. To minimize such potential for interruption to users and hosts,the illustrated embodiment utilizes the mechanisms below to permit hostscanning, topology generation, and LUN assignment (among other SANfunctions) upon installation, without preventing the hosts fromaccessing storage devices—at least until such time as theoperator/administrator formally “deploys” the system.

[0666] Referring to FIG. 41, three flags that reside in a central storeare utilized to determine whether the filter driver 354 is active ornot, and whether preliminary LUN assignment is enabled. These flags,which can be bits, bytes, fields, records, or other indicators, arereferred to here as “assign enable,” “fully enable,” and “disable.” Theassign enable flag, when activated by the administrator, allows host/LUNassignments to be made (these have a pending status until deployed). Thefully enable flag, if set by the administrator, activates the filterdrivers 354. The disable flag, if set by the administrator, disables thefilter drivers 354. In the illustrated embodiment, the flags are storedin a configuration file 500 on the manager digital data processor 20,though in other embodiments the flags reside anywhere in the SAN (e.g.,together, independently or otherwise) accessible to the hosts 12 andmanager 20.

[0667] When the SAN software is first installed, the disable flag isset, thereby permitting the agents and scanners to act in the normalcourse, but prohibiting the filter driver 354 from intercepting andblocking storage device claims for unassigned LUNs (or from otherwiseblocking access to such LUNs). Hence, until deployment, the hosts 12 canaccess all storage devices to which they are coupled via theinterconnect 16.

[0668] In order to configure the SAN, the operator/administrator setsthe assign enable flag in the configuration file 500 by selecting theenable button 116 a (or other user input field or option) on thegraphical user interface (GUI) shown in FIG. 19. This has the effect ofallowing preliminary host/LUN assignments to be made. Because thedisable flag is still set at this point, the hosts 12 can continue toaccess devices 14 while the administrator is making pending assignments.

[0669] Once finished making preliminary host/LUN assignments, theoperator/administrator initiates activation of the filter driver 354, byselecting the deploy button 116 b (or other user input field or option)on the GUI, which has the effect of setting the fully enable flag. Insome embodiments, the filter drivers 354 are installed on theirrespective hosts 12 at the time the agent software is installed. Inthese embodiments, the filter drivers 354 are activated when the fullyenable flag is set. In the illustrated embodiment, selection of thedeploy button 116 b has the additional effect of causing the manager 20to download the filter drivers 354 to the respective agents the firstinstance. In either embodiment, selecting the deploy button 116 b cancause the hosts to reboot, e.g. after downloading of the filter driver354 and/or setting of the fully-enable flag, so that the storage deviceclaiming process can proceed as described earlier.

[0670] The operator/administrator can subsequently disable the filterdrivers 354 and, thereby, permit the hosts 12 to access all devices 14,by selecting the disable button 116 c on the GUI (shown in FIG. 19).This action causes the disable flag in the configuration file 500 to beset, and the filter drivers 354 to be disabled.

[0671] The foregoing defines a two-step process. The first step is toenable assignments, and the second step is to deploy the agents (filterdrivers). If the operator/administrator is not concerned about a periodof no access, he/she can invoke the second step immediately after thefirst step. However, the administrator can also invoke the first step,make a preliminary set of Host/LUN assignments and then invoke thesecond step to deploy the agents. Doing so will provide theadministrator with continuous access (other than the time for a reboot)to those LUNs which have been assigned. Assignments made between the twosteps are displayed as “pending” until the second step (deployment) hasbeen completed. Until the second step is executed the filter driver 354is considered disabled and file extensions will not occur. The firststep only allows initial assignments to be made before masking isenabled.

[0672] Launching Device Specific Applications

[0673] As discussed above, a SAN according to the invention can includea variety of components, such as one or more digital data processorshosts, one or more storage device, and a switching fabric, having avariety of components, such as, switches, hubs, gateways, for providingcommunication between the hosts and the storage devices. Thesecomponents are typically acquired from different vendors, and havevarious application software associated therewith. For example, theswitching fabric components can have vendor-specific managementapplications that allow configuring and/or managing these components.

[0674] The illustrated embodiment permits the SAN operator/administratorto execute these vendor-specific applications from a single graphicaluser interface, to wit, that SAN manager GUI 20, in a manner describedin more detail below.

[0675] With reference to FIG. 6 and FIG. 42, the SAN manager service 38maintains a representation of the SAN that provides information, interalia, regarding the identity of the SAN components, and the connectivityof these components. In addition, the manager service 38 maintains forselected components, for example, the switching fabric components,information regarding management applications specific to them. Thesecan be applications, by way of non-limiting example, residing directlyon the components, applications invoked or effected through HTTP, telnetor other servers residing on the components or on proxy servicesresiding elsewhere, and/or via applications running on the SAN manageritself. This information is stored, for example, in a file, referred toherein as a “Rules” file, which identifies each of the selectedcomponents and the applications and communication interfaces supportedby that component, e.g., telnet, SNMP. In the illustrated embodiment, amark-up language, e.g, XML, is utilized to format the informationcontained in the Rules file, though in other formats may be used insteador in addition.

[0676] Information regarding the component management applications canbe obtained from the operator/administrator (e.g., via prompt and/ormenu option when the respective components are first added to the systemor subsequently) and/or obtained directly from the componentsthemselves. In the case of the latter, the information can be obtainedvia standardized queries, such as Management Server queries or FCMANAGEMENT MIB queries. In the case of components that cannot respond tosuch queries with the necessary information (as where the correspondingmanagement application resides on the SAN manager itself) and/or thathave multiple management applications, any information obtained from thecomponent is augmented in the Rules file with information, e.g.,obtained from the operator/administrator, identifying the necessary orpreferred application.

[0677] The Netview server can effect retrieval of the SAN representationfrom the manager service 38 and the display of selected informationdiscerned from the retrieved representation on the Netwiew console 52,as described in detail above. In one embodiment, the Netview console 52displays a plurality of graphical objects, e.g., icons, each of whichrepresents one of the SAN components. Alternatively, a textual list ofthe SAN components can be displayed. Further, the Netview console 52provides an operator, e.g., the SAN administrator, with a user interfaceelement, such as keyboard or mouse, that permits selection of one of thedisplayed components.

[0678] The Netview server allows the operator to launch an applicationprocess associated with a selected SAN component, such as, a managementapplication residing on that component, such as, a switch, in a mannerdescribed below. In response to the selection of a graphical objectrepresenting a SAN component, the Netview server accesses the Rules fileto obtain information regarding the application processes associatedwith that selected component, and effects the display of thisinformation, for example, in the form of a menu, on the Netview console52. In some embodiment, a plurality of management applications residingon a selected component are displayed while in other embodiments, onlythe primary management application is displayed. To facilitate thedisplay of information regarding on the SAN components on the Netviewconsole, in some embodiments, the Netview server stores the informationretrieved from the SAN manager service 58 regarding the applicationsresiding on the SAN components in a persistable storage.

[0679] The Netview server 54 responds to the selection of one of thedisplayed application processes by effecting the launching of thatapplication process via an interface process, such as a web-basedbrowser application, a telnet process, or an SNMP application. Moreparticularly, the Netview server 54 communicates with the SAN managerservice 38 to retrieve information, such as, launch method and itsrespective parameters, therefrom. The SAN manager service responds to arequest from the Netview server for the launch information by parsingthe Rules file to generate an object, e.g., an XML object, that containsthe requisite information, and transmits the information to the Netviewserver. The Netview server utilizes the object returned from the SANmanager service to effect the launching of the selected applicationprocess.

[0680] Once the selected application, e.g., a management application, islaunched, the operator can utilize the application, via the interfacesoftware provided by the Netview server, to configure and/or manage theSAN component on which the application resides. This advantageouslyallows the operator, e.g., the SAN administrator, to manage a variety ofSAN components, having different management applications, from a singleentry point, that is, from the Netview server/console.

[0681] A further appreciation of the illustrated embodiment may be fromthe discussion below.

[0682] In the illustrated embodiment, the format of the rules file iscomprised of three sections—the version, the supported device types, anda collection of the individual device rules themselves.

[0683] Version Section

[0684] The version section is used to hold the version of the rules fileand is comprised of a major and a minor number. The San Manager softwarecan handle minor version changes, but will not allow launch to operatewith major version changes. If new fields are added, this would beconsidered a major change to the rules file and the major number wouldneed to be updated along with the SAN Manager software. The addition Ifa new rule, a new device type, or a change in a current value, areconsidered minor changes as the format remains the same.

[0685] Device Type Section

[0686] This section is used to hold all device types for which rules aredefined. If a rule is added for a device type that is not currentlyassociated with any rule, then this device type is added to the devicetypes section as one of the types.

[0687] For example, if the current version of the rules file containsswitches and hubs in the device type section and all the rules relate toswitches and hubs, then if another rule (say a CDRom) for a type otherthan switch or hub is added, a new type will be added to the device typesection.

[0688] Rule Section

[0689] The rules section is comprised of multiple rules—one or morerules per managed device. The rule itself is comprised of twosections—the id section and the management information section. The idsection is used to uniquely identify the device to be managed. Themanagement information section is a collection of multiple types ofmanagement information, each one describing a certain method formanaging the particular device. There can be multiple management methodsavailable for managing a particular device.

[0690] ID Section

[0691] The id section is comprised of a collection of parameters thatare used to uniquely identify the device that the rule represents. Arule match is obtained by matching an object's attributes with theparameter values contained in the id section of the rule.

[0692] OR Operation

[0693] Normally, all parameters in the ID section are AND'ed togetherwith the exception of the parameters with the same name that are listedconsecutively in the ID portion of the file, which are OR'ed together.For example, a sample ID portion of a rule is shown below. Note thatthere are two parameters with the same name (“Type”) in the ID portion.The software will interpret this as meaning that the ID is satisfiedwith an attribute value of “Switch” or “Hub”. <ID> <Parameter><Name>Vendor ID</Name> <Value>Brocade Communications, Inc.</Value></Parameter> <Parameter> <Name>Type</Name> <Value>Switch</Value></Parameter> <Parameter> <Name>Type</Name> <Value>Hub</Value></Parameter> </ID>

[0694] To complete the example, the preceding ID is equivalent to thefollowing logical expression:

[0695] Vendor ID=Brocade Communications, Inc. AND (Type=Switch ORType=Hub).

[0696] Control Characters

[0697] Defined control characters are allowed in the rules file andcause specific actions to occur depending on the control character. Thefollowing is a list of the control characters provided in oneembodiment:

[0698] CONTROL CHARACTER: “!”

[0699] DEFAULT CHARACTER: “?”

[0700] WILDCARD_CHARACTER: “*”

[0701] CONTROL_CHARACTER: “!”—occurs before any other control typecharacter. This is the main control character, which informs thesoftware that another control type character exists.

[0702] DEFAULT_CHARACTER: “?”—the default character allows having aparameter match if the device for which a rule is to be identifiedcontains a value for the parameter. For example, the following parametercan be present in the ID section of a rule: <Parameter> <Name>ManagementTelnet Address</Name> <Value>!?</Value> </Parameter>.

[0703] This indicates that if the device has a value for the attribute(parameter) Management Telnet Address, then this parameter is a match.Of course, all parameters must match for a complete ID match and thus arule match.

[0704] WILDCARD_CHARACTER: “*”—the wildcard character is used to allowany value to be valid in a specific character of a parameter string. Ifthere is more than one character in a string that can contain any valueto be valid, then there are multiple wildcard characters in the Valuestring. For example, the following parameter: <Parameter><Name>Model</Name> <Value>Silkworm 1!***</Value> </Parameter>.

[0705] indicates that to match the Model attribute (parameter), a Valuestring of Silkworm 1000-1999 will be accepted. Any number of controlcharacters can be contained in the wildcard character for a parametervalue. However, in order for the wildcard character to work, it shouldcontain at least one control character. For example, “Silkworm 1***”would not work properly. It would only work if the device's model numberwhere the string “Silkworm 1***” which is not what we would expect(1000-1999). The following example further illustrates this point:<Parameter> <Name>Model</Name> <Value>Silkworm 1!*5*</Value></Parameter>.

[0706] The above example will accept any value in the 11^(th) and13^(th) characters of the string. Only 1 control character is necessaryin the string even though the wildcard flags are separated. Although notnecessary, a control character can be put before each wildcardcharacter. The placement of the control character is also notimportant—it could be contained anywhere in the string. “!Silkworm 1***”would work just the same as the above example.

[0707] Management Information Section

[0708] Any particular rule can have one or more management informationsections. Each management information section describes a particularmanagement method for the device. In one embodiment, there are fourpossible management information types depicted below:

[0709] 1. Telnet

[0710] 2. URL

[0711] 3. Application

[0712] 4. SNMP.

[0713] The management information section is comprised of the followingformat:

[0714] Type—one of the four types listed above

[0715] Primary—a Boolean (True, False) value indicating if this is theprimary management method for the device.

[0716] Command—command section containing the command format and staticparameters (StaticParameters), and the discovered parameter names(Name).

[0717] Below is a sample Management Information section of the rulesfile: <ManagementInformation> <Type>Telnet</Type><Primary>True</Primary> <Command><StaticParameters>%1</StaticParameters> <Name>Management TelnetAddress</Name> </Command> </ManagementInformation>

[0718] The above management information section indicates that the typeis Telnet, that this management information is the primary managementinformation for the device, and the command format is one discoveredparameter named “Management Telnet Address”.

[0719] Command Section

[0720] The command section contains a StaticParameters section and oneor more Name sections.

[0721] The StaticParameters section contains the command (if there isone), the format of the command, and any static parameters, if any. Theplacement of Discovered parameters in the command format are representedby a “%” character with the characters immediately following the “%”indicating which number the parameter is in the list of discoveredparameters that follow. This numbering starts from 1.

[0722] The discovered parameters are stored by the Name section—one Namesection for each discovered parameter.

[0723] The command section in the above example shows no command, nostatic parameters, and the format indicates that there exists onediscovered parameter. This is all shown by the %1. The one discoveredparameter is contained in the Name section and is “Management TelnetAddress”. Since telnet is a command supplied by the operating system,the type alone indicates what the command is and the Command sectiononly needs to supply the command format, any static parameters, and anydiscovered parameters. This is also true of the URL and SNMP types. Infact, in some embodiments, only the Application type will have a commandpresent in the StaticParameters field—an example of this is shown below:<ManagementInformation> <Type>Application</Type><Primary>False</Primary> <Command> <StaticParameters>managementApp -m %1-p %2 -a %3</StaticParameters> <Name>Model</Name> <Name>Port</Name><Name>Management Address</Name> </Command> </ManagementInformation>

[0724] The example shows the type of management information isApplication, and that this is not the primary management method, and thecommand includes the following:

[0725] Command and format—managementApp is the executable name and theformat of the command is “managementApp-m Model-p Port-a ManagementAddress.

[0726] Sample Rules File

[0727] Below is a sample rules file that contains only one rule.<RulesFile> <Version> <Major>1</Major> <Minor>0</Minor> </Version><DeviceTypes> <Type>Switch</Type> <Type>Hub</Type> </DeviceTypes> <Rule><ID> <Parameter> <Name>Vendor ID</Name> <Value>Brocade Communications,Inc.</Value> </Parameter> <Parameter> <Name>Type</Name><Value>Switch</Value> </Parameter> <Parameter> <Name>Model</Name><Value>Silkworm 1!***</Value> </Parameter> </ID> <ManagementInformation><Type>Telnet</Type> <Primary>True</Primary> <Command><StaticParameters>%1</StaticParameters> <Name>Management TelnetAddress</Name> </Command> </ManagementInformation><ManagementInformation> <Type>URL</Type> <Primary>False</Primary><Command> <StaticParameters>%1</StaticParameters> <Name>Management URLAddress</Name> </Command> </ManagementInformation><ManagementInformation> <Type>SNMP</Type> <Primary>False</Primary><Command> <StaticParameters>%1 fcfe.mib</StaticParameters><Name>Management Snmp Address</Name> </Command> </ManagementInformation><ManagementInformation> <Type>SNMP</Type> <Primary>False</Primary><Command> <StaticParameters>%1 fcfe.mib</StaticParameters><Name>Management Snmp Address</Name> </Command> </ManagementInformation><ManagementInformation> <Type>SNMP</Type> <Primary>False</Primary><Command> <StaticParameters>%1 fcfe.mib</StaticParameters><Name>Management Snmp Address</Name> </Command> </ManagementInformation></Rule> DTD Format

[0728] Below is shown the XML DTD for the rules file.

[0729] <!ELEMENT RulesFile (Version, DeviceTypes, Rule*)>

[0730] <!ELEMENT Version ( Major, Minor)>

[0731] <!ELEMENT DeviceTypes (Type*)>

[0732] <!ELEMENT Rule (ID, ManagementInformation*)>

[0733] <!ELEMENT ID (Parameter*)>

[0734] <!ELEMENT Parameter (Name, Value)>

[0735] <!ELEMENT ManagementInformation (Type, Primary, Command)>

[0736] <!ELEMENT Command (StaticParameters, Name*)>

[0737] <!ELEMENT Type (#PCDATA)>

[0738] <!ELEMENT Primary (#PCDATA)>

[0739] <!ELEMENT StaticParameters (#PCDATA)>

[0740] <!ELEMENT Name (#PCDATA)>

[0741] <!ELEMENT Value (#PCDATA)>

[0742] <!ELEMENT Major (#PCDATA)>

[0743] <!ELEMENT Minor (#PCDATA)>

[0744] Interfacing with Multiple Host Platforms

[0745] The illustrated embodiment utilizes a component architecture asshown in FIG. 43 to facilitate implementation of the agents on hosts 12of varied platform types and, specifically, by way of example tofacilitate collecting scan information from multiple host platforms.This architecture also facilitates testing of agent implementations andthose of aspects of the SAN manager 20 that process and generateagent-specific data.

[0746] Referring to FIG. 43, SAN manager 20 includes a service 510 whichprovides a communication interface for query engine 46 (of FIG. 6). Morespecifically, service 510 transmits and receives XML data to/from theagents 24. It interfaces with inband or outband handlers (see FIG. 6) ofengine 46, transmitting XML or other data generated by them to theagents 24, while receiving XML (or other) data from them for transfer tothe handlers.

[0747] Communication service 510 includes an agent registry 512(corresponding to the same-named element of FIG. 6) that identifiesagents “known” to the SAN manager 20 via their (the agents) registeringwith the service 510, e.g., at the time of the respective hostdeployment and/or boot-up. The registry 512 lists the agents byidentifier and provides addresses (e.g., IP addresses or otherwise)through which they can be accessed, e.g., over LAN 18 or other mediumvia which the manager 20 and agents 24 are coupled. Though thediscussion that follows focuses on the communication service 510 of thequery engine 46, those skilled in the art will appreciate that likefunctionality can be supplied with event correlator 48 of SAN manager 20and its counterparts event subAgents of the agents 24, as well as withother components of the SAN manager that communicate with those agents.

[0748] Agents 24 reside on hosts 12 and operate in the manner describedat length elsewhere herein. Those hosts can be of a variety ofplatforms, including by non-limiting example Windows NT, Windows 2000,Aix, Solaris, and so forth. As noted above, each agent comprises aframework and subAgents, the latter representing major agent services orfunctions. In the illustrated embodiment, the framework and thoseportions of the subAgent implementations common to all host platformsare implemented in Java or other platform-independent code (i.e., codethat can be readily ported from platform to platform). This includes thesubAgent services that provide overall control of host/LUN masking, aswell as those that provide overall control of scanning, and so forth. Inthe illustration, this platform-independent code is labeled as “commoncode.” Filter drivers, device drivers and other aspects of agentimplementation that are platform specific are implemented in C or otherplatform-dependent code (i.e., code that is specific to each platform).This is represented in the drawing by names of the respectiveplatform-specific scanners (though, it can represent more than merelyscanners).

[0749] In the illustrated embodiment, a novel mechanism is utilized toprovide communication between the platform-independent modules and theplatform-dependent modules. Particularly, as such communicationpotentially crosses language barriers, the platform-dependent functionsare implemented as a standalone applications which accepts input viacommand line parameters and return the output through Standard Output orStandard Error. More simply put, the platform-independent functionsinvoke and communicate with the platform-dependent function via acommand line interface.

[0750] In operation, XML encoding requests, commands or data generatedby the query engine 46 is passed to communication service 510, alongwith an identifier of the agent to which the same is to be directed.Service 510 determines from registry 512 and address for the targetagent and transmits the data accordingly via LAN 18 (or other medium).The XML is communicated via CORBA in the illustrated embodiment, thoughother protocols and/or mechanisms can be used instead or in addition.Platform-independent modules comprising the agent framework andsubagents receive the XML requests, commands or data and process them inaccord with the implicated agent function and services. Processing thatrequires action of the platform-dependent modules are communicated tothem via the command line, as noted immediately above. Data and otherinformation generated by the platform-dependent modules is returned viaStandard Output, Standard Error or other such operating systemcommand-level environmental variables. In the illustrated embodimentthat data or other information, which is encoded by theplatform-dependent modules in XML (or other suitable format), istransmitted via the platform-independent framework or subAgents back tothe service 510, via LAN 18, for processing by the SAN manager.

[0751] An advantage of the architecture illustrated in FIG. 43 is thatit separates the platform dependent/independent components of the agentimplementations, e.g., at the subAgent/Scanner boundary. In addition tofacilitating development of agent implementations on a variety ofplatforms, this allows for great flexibility in testing. Thus, forexample, since the scanners or other platform-dependent modules areimplemented as stand-alone applications, they can be executedindependently for unit level testing.

[0752] Moreover, re-creation of agent output is easily accomplished byexecuting the standalone scanner and capturing the output in a file,which is later read by a modified version of the agent. That is, theagent executes an application and then receives the output by capturingthe Standard Output information. A modified version of the scanner orother platform-dependent module can simply read a file previouslycreated by a Scanner and outputing this file to Standard Out. Theinformation can be manually modified, to provide larger sets ofinformation that are not possible to physically configure or generatetest datasets for other difficult situations, and used as input by usingthe same modified module (which reads a previously generated file androutes the information to Standard Out).

[0753] Described herein are systems and methods achieving the objectsset forth above. Those skilled in the art will appreciate that theillustrated embodiments are mere examples of the invention and thatother systems and methods incorporating additions, modifications orother changes therein fall within the scope of the invention. By way ofnon-limiting example, it will be appreciated that the system and methodsdescribed herein can be implemented on any variety of manager and hostdigital data processor platforms. Further, it will be appreciated thatprogramming constructs in addition to and other than those describedabove may be used in practicing the invention. By way of still furthernon-limiting example, it will be appreciated that graphical userinterface techniques other than and/or in addition to those describedherein may be beneficially employed in systems and methods of theinvention. Still further, interconnection media and schemes in additionto and other than those described above can be used to supportcommunications between the managers, hosts and/or storage devices.

In view of the foregoing, what we claim is:
 1. In a storage area network(SAN) of the type having at least one digital processor having one ormore ports in communication coupled with one or more peripheral devices,where the peripheral devices can comprise any of (i) SAN-class storagedevices and (ii) other peripheral devices, one or more processes thatexecute on the digital data processor and that generate requests foraccess to the one or more of the peripheral devices, the improvementcomprising: a store that identifies ports in communication coupled withone or more peripheral devices that comprise SAN-class storage devices,a filter, coupled to the store and to the one or more processes, thatblocks access to selected peripheral devices identified as comprisingSAN-class storage devices.
 2. In the SAN of claim 1, the furtherimprovement wherein the store identifies ports in communication coupledwith one or more peripheral devices that comprise a fiber channelstorage device, the filter blocks access to selected peripheral devicesidentified as comprising fiber channel storage devices.
 3. In the SAN ofclaim 1, the further improvement wherein the store comprises at least aportion of a registry maintained by an operating system of the digitaldata processor.
 4. In the SAN of claim 1, the further improvementwherein the filter passes requests for access to peripheral devices notidentified as comprising SAN-class storage devices.
 5. In the SAN ofclaim 1, the further improvement comprising an element that designatesselected SAN-class storage devices as assigned to the digital dataprocessor, and wherein the filter passes requests for access toperipheral devices that are identified as comprising SAN-class storagedevices and that are designated as assigned to the digital dataprocessor, and the filter blocks access to peripheral devices that areidentified as comprising SAN-class storage devices and that are notdesignated as assigned to the digital data processor.
 6. In the SAN ofclaim 5, the further improvement wherein the digital data processorexecutes a user mode process identifies ports in communication couplingwith one or more peripheral devices that comprise SAN-class storagedevices, the user mode process storing that information to the store. 7.In the SAN of claim 6, the further improvement wherein the filterexecutes in kernel mode of the digital data processor.
 8. In the SAN ofclaim 7, the further improvement comprising a kernel mode process,coupled to the store, that executes a boot-up of the digital dataprocessor and that validates identification by the user mode process ofperipheral devices that comprise SAN-class storage devices.
 9. In theSAN of claim 8, the further improvement wherein the user mode processexecutes at boot-up of the digital data processor, and the kernel modeprocess validates identification made by the user mode process during aprior boot-up of the digital data processor.
 10. In the SAN of claim 9,the further improvement wherein the filter passes requests for access toperipheral devices for which the kernel mode process indicates theidentification is not valid unless those requests comprise claims foraccess to peripheral devices that are hard disk devices and that are notdesignated as assigned to the digital data processor.
 11. A storage areanetwork (SAN), comprising: at least one digital processor having one ormore ports in communication coupled with one or more peripheral devices,where the peripheral devices can comprise any of (i) SAN-class storagedevices and (ii) other peripheral devices, the digital data processorexecuting one or more processes that generate requests for access to theone or more of the peripheral devices, the digital data processorcomprising a store that identifies ports in communication coupled withone or more peripheral devices that comprise a SAN-class storage device,a manager in communication with the digital data processor, the managerdesignating zero, one or more SAN-class storage devices as assigned tothe digital data processor, a filter, coupled to the store, to the oneor more processes and to the manager, that blocks access to selectedperipheral devices identified as comprising SAN-class storage devices.12. A SAN according to claim 11, wherein the filter blocks access toSAN-class storage devices by preventing claiming thereof by a classdriver executing on the digital data processor.
 13. In the SAN of claim11, the further improvement wherein the selected digital data processoris coupled to the one or more storage devices by a first network.
 14. Inthe SAN of claim 12, wherein the manager digital data processor iscoupled to the selected digital data processors by a second network. 15.In the SAN of claim 13, wherein the first network comprises fiberchannel and the second network is an IP network.
 16. In the SAN of claim11, the further improvement wherein the digital data processor executesa user mode process that identifies ports in communication coupling withone or more peripheral devices that comprise SAN-class storage devices,the user mode process storing that information to the store.
 17. The SANof claim 16, the further improvement wherein the filter executes inkernel mode of the digital data processor.
 18. The SAN of claim 17, thefurther improvement comprising a kernel mode process, coupled to thestore, that executes a boot-up of the digital data processor and thatvalidates identification by the user mode process of peripheral devicesthat comprise SAN-class storage devices.
 19. The SAN of claim 18, thefurther improvement wherein the user mode process executes a boot-up ofthe digital data processor, and the kernel mode process validatesidentification made by the user mode process during a prior boot-up ofthe digital data processor.
 20. The SAN of claim 19, the furtherimprovement wherein the filter passes requests for access to peripheraldevices for which the kernel mode process indicates the identificationis not valid unless those requests comprise claims for access toperipheral devices that are hard disk devices and that are notdesignated as assigned to the digital data processor.